HierarchyMap


TenantSummary

Anything which can help you learn Azure Policy GitHub
Download CSV semicolon | comma
Scope Scope Id Policy DisplayName Policy Name PolicyId Category ALZ Effect Role definitions Unique assignments Used in PolicySets CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg esjh 1234_AP_MG_RA_onRG_(1234_RG_CUST) 1234_AP_MG_RA_onRG_(1234_RG_CUST) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust) 1234_RgRoleAssignment false Fixed: deployIfNotExists Owner 0 2 (1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust)), 1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust))) 09/14/2021 16:55:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 1234_AP_MG_RA_onSub 42672afc-0fc0-4dea-9f1d-95dcd2f9a21c /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c false Fixed: deployIfNotExists 1234 RoleAssignmentSubscriptionOwner 3 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f) 0 03/09/2022 07:00:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/10/2022 14:56:28 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub 20217969-e578-4e91-beea-9bcf18b05a7e 1234Deny-ra-if-SPObjectId 8a9070c4-7eec-4b78-b044-62c20a06d1de /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/policydefinitions/8a9070c4-7eec-4b78-b044-62c20a06d1de false Fixed: deny n/a 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/policyassignments/fa0ac64635d34f42b8e052ba) 0 03/17/2022 15:06:00 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh-online ALZFake 7a2ec127-9921-445e-a3bb-91f7099f545d /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policydefinitions/7a2ec127-9921-445e-a3bb-91f7099f545d cust_fakeALZ_Locations true Fixed: audit n/a 0 0 09/08/2022 18:16:26 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Application Gateway should be deployed with WAF enabled Deny-AppGW-Without-WAF /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub f28ba982-5ed0-4033-9bdf-e45e4b5df466 Create NSG Rule 4e7e976d-d94c-47a3-a534-392c641cecd8 /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8 CUST_NSG false Fixed: append n/a 0 0 05/18/2021 18:01:38 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 05/18/2021 18:22:00 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub 4dfa3b56-55bf-4059-802a-24e44a4fb60f cust_Deploy a default budget on all subscriptions under the assigned scope 1c5e347d-1d8f-4854-9d88-918455c3c983 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/1c5e347d-1d8f-4854-9d88-918455c3c983 ALZClone true Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Contributor 0 0 08/31/2022 13:35:26 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh-platform cust2_Deploy a default budget on all subscriptions under the assigned scope 4a132703-b3fd-4228-aaaa-f46ebc34a324 /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/policydefinitions/4a132703-b3fd-4228-aaaa-f46ebc34a324 true Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Contributor 0 0 08/31/2022 18:02:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Deny the creation of private DNS Deny-Private-DNS-Zones /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (API - Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Deny the creation of private DNS - cust 53568753-a797-45d7-a552-d55f4a398bbb /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb Network-custom true Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/d1212de8a8fd4184a8965eea) 1 (API - Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f)) 05/02/2022 07:01:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Deny the creation of public IP Deny-PublicIP /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deny vNet peering Deny-ERPeering /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy a default budget on subscriptions Deploy-Budget /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget Budget true Fixed: DeployIfNotExists Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy an Azure DDoS Protection Standard plan Deploy-DDoSProtection /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Azure Defender settings in Azure Security Center. Deploy-ASC-Standard /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Security Center true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Security Admin 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security) 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Azure Firewall Manager policy in the subscription Deploy-FirewallPolicy /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploy-Diagnostics-ActivityLog /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log) 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace Deploy-Diagnostics-AnalysisService /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for API Management to Log Analytics workspace Deploy-Diagnostics-APIMgmt /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace Deploy-Diagnostics-WebServerFarm /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for App Service to Log Analytics workspace Deploy-Diagnostics-Website /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace Deploy-Diagnostics-ApplicationGateway /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Automation to Log Analytics workspace Deploy-Diagnostics-AA /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace Deploy-Diagnostics-DataLakeStore /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace Deploy-Diagnostics-Function /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 09/14/2021 15:38:21 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg esjh Deploy Diagnostic Settings for Batch to Log Analytics workspace Deploy-Diagnostics-Batch /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace Deploy-Diagnostics-CDNEndpoints /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace Deploy-Diagnostics-CognitiveServices /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Container Instances to Log Analytics workspace Deploy-Diagnostics-ACI /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Container Registry to Log Analytics workspace Deploy-Diagnostics-ACR /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace Deploy-Diagnostics-CosmosDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Data Factory to Log Analytics workspace Deploy-Diagnostics-DataFactory /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace Deploy-Diagnostics-DLAnalytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace Deploy-Diagnostics-MySQL /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace Deploy-Diagnostics-PostgreSQL /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Databricks to Log Analytics workspace Deploy-Diagnostics-Databricks /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace Deploy-Diagnostics-EventGridSub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace Deploy-Diagnostics-EventGridSystemTopic /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace Deploy-Diagnostics-EventGridTopic /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace Deploy-Diagnostics-EventHub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace Deploy-Diagnostics-ExpressRoute /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Firewall to Log Analytics workspace Deploy-Diagnostics-Firewall /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Front Door to Log Analytics workspace Deploy-Diagnostics-FrontDoor /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for HDInsight to Log Analytics workspace Deploy-Diagnostics-HDInsight /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace Deploy-Diagnostics-iotHub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Key Vault to Log Analytics workspace Deploy-Diagnostics-KeyVault /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace Deploy-Diagnostics-AKS /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace Deploy-Diagnostics-LoadBalancer /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace Deploy-Diagnostics-LogicAppsISE /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace Deploy-Diagnostics-LogicAppsWF /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace Deploy-Diagnostics-MlWorkspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for MariaDB to Log Analytics workspace Deploy-Diagnostics-MariaDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace Deploy-Diagnostics-NIC /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace Deploy-Diagnostics-NetworkSecurityGroups /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace Deploy-Diagnostics-PowerBIEmbedded /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace Deploy-Diagnostics-PublicIP /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace Deploy-Diagnostics-RecoveryVault /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace Deploy-Diagnostics-RedisCache /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Relay to Log Analytics workspace Deploy-Diagnostics-Relay /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Search Services to Log Analytics workspace Deploy-Diagnostics-SearchServices /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace Deploy-Diagnostics-ServiceBus /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for SignalR to Log Analytics workspace Deploy-Diagnostics-SignalR /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace Deploy-Diagnostics-SQLDBs /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace Deploy-Diagnostics-SQLElasticPools /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace Deploy-Diagnostics-SQLMI /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace Deploy-Diagnostics-StreamAnalytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace Deploy-Diagnostics-TimeSeriesInsights /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace Deploy-Diagnostics-TrafficManager /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace Deploy-Diagnostics-VMSS /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace Deploy-Diagnostics-VM /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace Deploy-Diagnostics-VirtualNetwork /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace Deploy-Diagnostics-VNetGW /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy DNS Zone Group for Key Vault Private Endpoint Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy DNS Zone Group for SQL Private Endpoint Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy DNS Zone Group for Storage-Blob Private Endpoint Deploy-DNSZoneGroup-For-Table-PrivateEndpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy DNS Zone Group for Storage-File Private Endpoint Deploy-DNSZoneGroup-For-File-PrivateEndpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy DNS Zone Group for Storage-Queue Private Endpoint Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy DNS Zone Group for Storage-Blob Private Endpoint Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy spoke network with configuration to hub network based on ipam configuration object Deploy-vNet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 01/10/2021 20:57:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy SQL database auditing settings Deploy-Sql-AuditingSettings /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy SQL Database security Alert Policies configuration with email admin accounts Deploy-Sql-SecurityAlertPolicies /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy SQL Database Transparent Data Encryption Deploy-Sql-Tde /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) 01/10/2021 20:57:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy SQL Database vulnerability Assessments Deploy-Sql-vulnerabilityAssessments /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager, Monitoring Contributor 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy the configurations to the Log Analytics in the subscription Deploy-LA-Config /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy the Log Analytics in the subscription Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 1 (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics) 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy the Virtual WAN in the specific region Deploy-vWAN /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. Deploy-vHUB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Virtual Network to be used as hub virtual network in desired region Deploy-HUB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploy Windows Domain Join Extension with keyvault configuration Deploy-Windows-DomainJoin /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin Guest Configuration true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Virtual Machine Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploys NSG flow logs and traffic analytics Deploy-Nsg-FlowLogs /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Deploys virtual network peering to hub Deploy-VNET-HubSpoke /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke Network true Fixed: deployIfNotExists Contributor 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg 896470ca-9c6e-4176-9b38-5a655403c638 DiagSubscriptionsDim 68b79a92-8932-4f15-88a6-0ed2675fa157 /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157 false Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Log Analytics Contributor 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe) 0 06/24/2022 14:46:59 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Enforce Role assignment at Subscription Scope enforce-roleAssignment-subscriptionScope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope false Fixed: deployIfNotExists Owner 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0) 0 03/16/2022 23:18:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/16/2022 23:26:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh KeyVault SoftDelete should be enabled Append-KV-SoftDelete /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete Key Vault true Fixed: append n/a 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg 896470ca-9c6e-4176-9b38-5a655403c638 My_AP_MG_raOnSub cedae647-a6f4-4c91-bc48-e411d86f335a /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a RBAC false Fixed: deployIfNotExists 1234 RoleAssignmentSubscriptionOwner 1 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623) 0 03/11/2022 07:34:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 09:13:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 myPipelinePolicy New Pipeline Policy 3 /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Cache false Default: Audit; Allowed: Audit,Deny n/a 1 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01) 0 10/27/2021 14:09:47 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1 10/27/2021 14:14:04 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
Sub 4dfa3b56-55bf-4059-802a-24e44a4fb60f myPipelinePolicy New Pipeline Policy 3 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Cache false Default: Audit; Allowed: Audit,Deny n/a 0 0 10/27/2021 14:09:14 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineNonProd, ObjectSignInName: n/a, ObjectId: 192e9bab-be5b-4f6f-9e89-a4c80e638e43 10/27/2021 14:13:28 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineNonProd, ObjectSignInName: n/a, ObjectId: 192e9bab-be5b-4f6f-9e89-a4c80e638e43
Sub f28ba982-5ed0-4033-9bdf-e45e4b5df466 myPipelinePolicy New Pipeline Policy 3 /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Cache false Default: Audit; Allowed: Audit,Deny n/a 0 0 10/27/2021 14:08:41 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineDev, ObjectSignInName: n/a, ObjectId: 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4 10/27/2021 14:12:59 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipelineDev, ObjectSignInName: n/a, ObjectId: 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4
Mg 896470ca-9c6e-4176-9b38-5a655403c638 New Pipeline Policy New Pipeline Policy 2 /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 2 Cache false Default: Audit; Allowed: Audit,Deny n/a 0 0 10/27/2021 14:06:22 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
Mg esjh No child resources in Automation Account Deny-AA-child-resources /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 09/22/2021 21:24:16 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg esjh Public network access on AKS API should be disabled Deny-PublicEndpoint-Aks /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks Kubernetes true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Public network access on Azure SQL Database should be disabled Deny-PublicEndpoint-Sql /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Public network access onStorage accounts should be disabled Deny-PublicEndpoint-Storage /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage Storage true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Public network access should be disabled for CosmosDB Deny-PublicEndpoint-CosmosDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/15/2021 15:15:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Public network access should be disabled for KeyVault Deny-PublicEndpoint-KeyVault /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault Key Vault true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg cust_t5 Public network access should be disabled for MariaDB Deny-PublicEndpoint-MariaDB /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 09/09/2022 15:09:45 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Public network access should be disabled for MariaDB Deny-PublicEndpoint-MariaDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Public network access should be disabled for MySQL Deny-PublicEndpoint-MySQL /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh Public network access should be disabled for PostgreSql Deny-PublicEndpoint-PostgreSql /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints)) 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg esjh RDP access from the Internet should be blocked Deny-RDP-From-Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet) 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg cust_t5 SQL managed instances deploy a specific min TLS version requirement. Deploy-SqlMi-minTLS /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Owner 0 0 09/09/2022 15:11:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh Subnets should have a Network Security Group Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg) 0 01/10/2021 20:57:38 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg 896470ca-9c6e-4176-9b38-5a655403c638 test_Deploy Diagnostic Settings for Subscription to Storage Account e1927c7a-e9e7-4657-9996-aff37b6560ed /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/e1927c7a-e9e7-4657-9996-aff37b6560ed test_diag false Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Storage Account Contributor, Monitoring Contributor 0 0 12/31/2021 10:02:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 12/31/2021 10:37:02 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Download CSV semicolon | comma
Policy DisplayName PolicyId
test_Deploy Diagnostic Settings for Subscription to Storage Account /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/e1927c7a-e9e7-4657-9996-aff37b6560ed
New Pipeline Policy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 2
Public network access should be disabled for MariaDB /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb
SQL managed instances deploy a specific min TLS version requirement. /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls
ALZFake /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policydefinitions/7a2ec127-9921-445e-a3bb-91f7099f545d
cust2_Deploy a default budget on all subscriptions under the assigned scope /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/policydefinitions/4a132703-b3fd-4228-aaaa-f46ebc34a324
KeyVault SoftDelete should be enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete
No child resources in Automation Account /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources
Application Gateway should be deployed with WAF enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf
Deny vNet peering /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering
Deny the creation of public IP /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip
Deploy a default budget on subscriptions /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget
Deploy an Azure DDoS Protection Standard plan /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection
Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint
Deploy DNS Zone Group for Storage-File Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint
Deploy DNS Zone Group for Key Vault Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint
Deploy DNS Zone Group for Storage-Queue Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint
Deploy DNS Zone Group for SQL Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint
Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint
Deploy Azure Firewall Manager policy in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy
Deploy Virtual Network to be used as hub virtual network in desired region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub
Deploy the configurations to the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config
Deploys NSG flow logs and traffic analytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs
Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub
Deploy spoke network with configuration to hub network based on ipam configuration object /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet
Deploys virtual network peering to hub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke
Deploy the Virtual WAN in the specific region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan
Deploy Windows Domain Join Extension with keyvault configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin
cust_Deploy a default budget on all subscriptions under the assigned scope /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/1c5e347d-1d8f-4854-9d88-918455c3c983
myPipelinePolicy /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/new pipeline policy 3
Create NSG Rule /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8
myPipelinePolicy /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/new pipeline policy 3
Download CSV semicolon | comma
Scope ScopeId PolicySet DisplayName PolicySet Name PolicySetId Category ALZ Unique assignments Policies used in PolicySet CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg esjh 1234_API_MG_RA_onRG_(1234_RG_CUST) 1234_API_MG_RA_onRG_(1234_RG_CUST) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) 1234_RgRoleAssignment false 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466) 2 (1234_AP_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust)), 1234_AP_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust))) 09/14/2021 16:55:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online API - Deny the creation of private DNS - cust ee6248fccddc45b59624ac8f /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f Network-custom false 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/fab7aac62c1d419d87835c61) 2 (Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb), Deny the creation of private DNS (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones)) 05/02/2022 07:07:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 Deny or Audit resources without Encryption with a customer-managed key (CMK) Enforce-Encryption-CMK /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk Encryption true 0 15 (Azure API for FHIR should use a customer-managed key to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/051cba44-2429-45b9-9649-46cec11c7119), Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (/providers/microsoft.authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d), [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd), PostgreSQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274), Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f), Container registries should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580), Cognitive Services accounts should enable data encryption with a customer-managed key (/providers/microsoft.authorization/policydefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d), Storage accounts should use customer-managed key for encryption (/providers/microsoft.authorization/policydefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25), Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys (/providers/microsoft.authorization/policydefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67), MySQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833), Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password (/providers/microsoft.authorization/policydefinitions/86efb160-8de7-451d-bc08-5d475b0aadae), Azure Stream Analytics jobs should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7), Azure Batch account should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a), Azure Machine Learning workspaces should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8), Azure Synapse workspaces should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385)) 09/09/2022 15:15:00 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH Deploy Diagnostic Settings to Azure Services Deploy-Diag-LogAnalytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Monitoring true 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag) 55 (Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice), Deploy Diagnostic Settings for API Management to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt), Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm), Deploy Diagnostic Settings for App Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website), Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway), Deploy Diagnostic Settings for Automation to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa), Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore), Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function), Deploy Diagnostic Settings for Batch to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch), Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints), Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices), Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci), Deploy Diagnostic Settings for Container Registry to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr), Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb), Deploy Diagnostic Settings for Data Factory to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory), Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics), Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql), Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql), Deploy Diagnostic Settings for Databricks to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks), Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub), Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic), Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic), Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub), Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute), Deploy Diagnostic Settings for Firewall to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall), Deploy Diagnostic Settings for Front Door to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor), Deploy Diagnostic Settings for HDInsight to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight), Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub), Deploy Diagnostic Settings for Key Vault to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault), Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks), Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer), Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise), Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf), Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace), Deploy Diagnostic Settings for MariaDB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb), Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic), Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups), Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded), Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip), Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault), Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache), Deploy Diagnostic Settings for Relay to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay), Deploy Diagnostic Settings for Search Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices), Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus), Deploy Diagnostic Settings for SignalR to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr), Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs), Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools), Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi), Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics), Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights), Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager), Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss), Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm), Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork), Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw)) 01/10/2021 20:57:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH Deploy SQL Database built-in SQL security configuration Deploy-Sql-Security /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security SQL true 0 4 (Deploy SQL database auditing settings (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings), Deploy SQL Database security Alert Policies configuration with email admin accounts (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies), Deploy SQL Database Transparent Data Encryption (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde), Deploy SQL Database vulnerability Assessments (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments)) 01/10/2021 20:57:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones Public network access should be disabled for PAAS services 1234_API_MG_RoleAssignment_onRGMatching_(1234_RG_CUST*) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*) false 0 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql)) 08/31/2021 15:14:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH Public network access should be disabled for PAAS services Deny-PublicEndpoints /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints Network false 0 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql)) 01/10/2021 20:57:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Download CSV semicolon | comma
PolicySet DisplayName PolicySetId
Deny or Audit resources without Encryption with a customer-managed key (CMK) /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk
Public network access should be disabled for PAAS services /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)
Public network access should be disabled for PAAS services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints
Deploy SQL Database built-in SQL security configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security
Azure Landing Zones (ALZ) GitHub
Download CSV semicolon | comma
Type Policy Name (Id) Policy Version Policy Scope Policy Scope Id ALZ Policy Name (Id) ALZ Policy Version ALZ State Exists in tenant Detection method AzAdvertizer Link
Policy 4a132703-b3fd-4228-aaaa-f46ebc34a324 n/a Mg esjh-platform Deploy-Budget 1.1.0 potentiallyOutDated (no ver) True PolicyRule Hash AzA Link
Policy Deny-PublicEndpoint-Aks 1.0.0 Mg esjh Deny-PublicEndpoint-Aks obsolete True Policy Name
Policy Deploy-Diagnostics-MariaDB 1.0.0 Mg esjh Deploy-Diagnostics-MariaDB 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-Private-DNS-Zones 1.0.0 Mg esjh Deny-Private-DNS-Zones 1.0.0 upToDate True PolicyRule Hash, Policy Name AzA Link
Policy Deploy-Diagnostics-EventGridSub 1.0.0 Mg esjh Deploy-Diagnostics-EventGridSub 1.0.0 upToDate True Policy Name AzA Link
Policy 1c5e347d-1d8f-4854-9d88-918455c3c983 1.1.0 Sub 4dfa3b56-55bf-4059-802a-24e44a4fb60f Deploy-Budget 1.1.0 upToDate True PolicyRule Hash AzA Link
Policy Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint 1.0.0 Mg esjh Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint obsolete True Policy Name
Policy Deploy-Diagnostics-ACR 1.0.0 Mg esjh Deploy-Diagnostics-ACR 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Windows-DomainJoin 1.0.0 Mg esjh Deploy-Windows-DomainJoin 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Nsg-FlowLogs 1.0.0 Mg esjh Deploy-Nsg-FlowLogs 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-RedisCache 1.0.0 Mg esjh Deploy-Diagnostics-RedisCache 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-Batch 1.0.0 Mg esjh Deploy-Diagnostics-Batch obsolete True Policy Name
Policy Deploy-Diagnostics-Databricks 1.0.0 Mg esjh Deploy-Diagnostics-Databricks 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-SQLDBs 1.0.0 Mg esjh Deploy-Diagnostics-SQLDBs obsolete True Policy Name
Policy Deploy-Diagnostics-PublicIP 1.0.0 Mg esjh Deploy-Diagnostics-PublicIP obsolete True Policy Name
Policy Deploy-Diagnostics-MySQL 1.0.0 Mg esjh Deploy-Diagnostics-MySQL 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-PublicEndpoint-MariaDB 1.0.0 Mg cust_t5 Deny-PublicEndpoint-MariaDB 1.0.0 upToDate True PolicyRule Hash, Policy Name, MetaData Tag AzA Link
Policy Deploy-Sql-Tde 1.0.0 Mg esjh Deploy-Sql-Tde 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Log-Analytics 1.0.0 Mg esjh Deploy-Log-Analytics obsolete True Policy Name
Policy Deny-AppGW-Without-WAF 1.0.0 Mg esjh Deny-AppGW-Without-WAF 1.0.0 upToDate True PolicyRule Hash, Policy Name AzA Link
Policy Deny-PublicIP 1.0.0 Mg esjh Deny-PublicIP 1.0.0 upToDate True PolicyRule Hash, Policy Name AzA Link
Policy Deploy-Diagnostics-StreamAnalytics 1.0.0 Mg esjh Deploy-Diagnostics-StreamAnalytics obsolete True Policy Name
Policy Deploy-Diagnostics-AKS 1.0.0 Mg esjh Deploy-Diagnostics-AKS obsolete True Policy Name
Policy Deploy-Diagnostics-TimeSeriesInsights 1.0.0 Mg esjh Deploy-Diagnostics-TimeSeriesInsights 1.0.0 upToDate True Policy Name AzA Link
Policy 53568753-a797-45d7-a552-d55f4a398bbb n/a Mg 896470ca-9c6e-4176-9b38-5a655403c638 Deny-Private-DNS-Zones 1.0.0 potentiallyOutDated (no ver) True PolicyRule Hash AzA Link
Policy Deploy-Diagnostics-NIC 1.0.0 Mg esjh Deploy-Diagnostics-NIC 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-ERPeering 1.0.0 Mg esjh Deny-VNet-Peering 1.0.1 outDated True PolicyRule Hash AzA Link
Policy Deny-PublicEndpoint-Storage 1.0.0 Mg esjh Deny-PublicEndpoint-Storage obsolete True Policy Name
Policy Deploy-vWAN 1.0.0 Mg esjh Deploy-vWAN obsolete True Policy Name
Policy Deploy-Diagnostics-LoadBalancer 1.0.0 Mg esjh Deploy-Diagnostics-LoadBalancer 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-DNSZoneGroup-For-File-PrivateEndpoint 1.0.0 Mg esjh Deploy-DNSZoneGroup-For-File-PrivateEndpoint obsolete True Policy Name
Policy Deny-PublicEndpoint-MySQL 1.0.0 Mg esjh Deny-PublicEndpoint-MySQL obsolete True Policy Name
Policy Deploy-Diagnostics-LogicAppsWF 1.0.0 Mg esjh Deploy-Diagnostics-LogicAppsWF obsolete True Policy Name
Policy Deploy-Diagnostics-Website 1.0.0 Mg esjh Deploy-Diagnostics-Website 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-SQLElasticPools 1.0.0 Mg esjh Deploy-Diagnostics-SQLElasticPools 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-DLAnalytics 1.0.0 Mg esjh Deploy-Diagnostics-DLAnalytics 1.0.0 upToDate True Policy Name AzA Link
Policy Append-KV-SoftDelete 1.0.0 Mg esjh Append-KV-SoftDelete 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-EventHub 1.0.0 Mg esjh Deploy-Diagnostics-EventHub obsolete True Policy Name
Policy Deploy-vHUB 1.0.0 Mg esjh Deploy-vHUB obsolete True Policy Name
Policy Deploy-Diagnostics-SignalR 1.0.0 Mg esjh Deploy-Diagnostics-SignalR 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-VM 1.0.0 Mg esjh Deploy-Diagnostics-VM 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-TrafficManager 1.0.0 Mg esjh Deploy-Diagnostics-TrafficManager 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Sql-SecurityAlertPolicies 1.0.0 Mg esjh Deploy-Sql-SecurityAlertPolicies 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-AA-child-resources n/a Mg esjh Deny-AA-child-resources 1.0.0 potentiallyOutDated (no ver) True Policy Name AzA Link
Policy Deploy-Diagnostics-ActivityLog 1.0.0 Mg esjh Deploy-Diagnostics-ActivityLog obsolete True Policy Name
Policy Deploy-Diagnostics-AA 1.0.0 Mg esjh Deploy-Diagnostics-AA 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-SearchServices 1.0.0 Mg esjh Deploy-Diagnostics-SearchServices obsolete True Policy Name
Policy Deploy-Diagnostics-VirtualNetwork 1.0.0 Mg esjh Deploy-Diagnostics-VirtualNetwork 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-ACI 1.0.0 Mg esjh Deploy-Diagnostics-ACI 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-EventGridSystemTopic 1.0.0 Mg esjh Deploy-Diagnostics-EventGridSystemTopic 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-VNET-HubSpoke 1.0.0 Mg esjh Deploy-VNET-HubSpoke 1.1.0 outDated True Policy Name AzA Link
Policy Deploy-Diagnostics-WebServerFarm 1.0.0 Mg esjh Deploy-Diagnostics-WebServerFarm 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-PublicEndpoint-KeyVault 1.0.0 Mg esjh Deny-PublicEndpoint-KeyVault obsolete True Policy Name
Policy Deploy-Diagnostics-CognitiveServices 1.0.0 Mg esjh Deploy-Diagnostics-CognitiveServices 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-NetworkSecurityGroups 1.0.0 Mg esjh Deploy-Diagnostics-NetworkSecurityGroups 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-Subnet-Without-Nsg 1.0.0 Mg esjh Deny-Subnet-Without-Nsg 2.0.0 outDated True PolicyRule Hash, Policy Name AzA Link
Policy Deploy-Diagnostics-ExpressRoute 1.0.0 Mg esjh Deploy-Diagnostics-ExpressRoute 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-LogicAppsISE 1.0.0 Mg esjh Deploy-Diagnostics-LogicAppsISE 1.0.0 upToDate True Policy Name AzA Link
Policy 7a2ec127-9921-445e-a3bb-91f7099f545d 1.0.0 Mg esjh-online unknown True MetaData Tag
Policy Deploy-Diagnostics-SQLMI 1.0.0 Mg esjh Deploy-Diagnostics-SQLMI 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-Function n/a Mg esjh Deploy-Diagnostics-Function 1.0.0 potentiallyOutDated (no ver) True Policy Name AzA Link
Policy Deploy-Diagnostics-Relay 1.0.0 Mg esjh Deploy-Diagnostics-Relay 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-KeyVault 1.0.0 Mg esjh Deploy-Diagnostics-KeyVault obsolete True Policy Name
Policy Deploy-DDoSProtection 1.0.0 Mg esjh Deploy-DDoSProtection 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-PublicEndpoint-MariaDB 1.0.0 Mg esjh Deny-PublicEndpoint-MariaDB 1.0.0 upToDate True PolicyRule Hash, Policy Name AzA Link
Policy Deploy-LA-Config 1.0.0 Mg esjh Deploy-LA-Config obsolete True Policy Name
Policy Deploy-Diagnostics-PowerBIEmbedded 1.0.0 Mg esjh Deploy-Diagnostics-PowerBIEmbedded 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Budget 1.0.0 Mg esjh Deploy-Budget 1.1.0 outDated True Policy Name AzA Link
Policy Deploy-Diagnostics-Firewall 1.0.0 Mg esjh Deploy-Diagnostics-Firewall 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-DataLakeStore 1.0.0 Mg esjh Deploy-Diagnostics-DataLakeStore obsolete True Policy Name
Policy Deploy-Diagnostics-iotHub 1.0.0 Mg esjh Deploy-Diagnostics-iotHub 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-ASC-Standard 1.0.0 Mg esjh Deploy-ASC-Standard obsolete True Policy Name
Policy Deploy-Diagnostics-EventGridTopic 1.0.0 Mg esjh Deploy-Diagnostics-EventGridTopic 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-AnalysisService 1.0.0 Mg esjh Deploy-Diagnostics-AnalysisService 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-VMSS 1.0.0 Mg esjh Deploy-Diagnostics-VMSS 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-RecoveryVault 1.0.0 Mg esjh Deploy-Diagnostics-RecoveryVault obsolete True Policy Name
Policy Deploy-Diagnostics-ServiceBus 1.0.0 Mg esjh Deploy-Diagnostics-ServiceBus obsolete True Policy Name
Policy Deploy-Sql-AuditingSettings 1.0.0 Mg esjh Deploy-Sql-AuditingSettings 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-PublicEndpoint-PostgreSql 1.0.0 Mg esjh Deny-PublicEndpoint-PostgreSql obsolete True Policy Name
Policy Deploy-Diagnostics-FrontDoor 1.0.0 Mg esjh Deploy-Diagnostics-FrontDoor 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-HUB 1.0.0 Mg esjh Deploy-HUB obsolete True Policy Name
Policy Deploy-SqlMi-minTLS 1.0.0 Mg cust_t5 Deploy-SqlMi-minTLS 1.0.0 upToDate True PolicyRule Hash, Policy Name, MetaData Tag AzA Link
Policy Deploy-Diagnostics-PostgreSQL 1.0.0 Mg esjh Deploy-Diagnostics-PostgreSQL 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-CosmosDB 1.0.0 Mg esjh Deploy-Diagnostics-CosmosDB 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-PublicEndpoint-CosmosDB 1.0.0 Mg esjh Deny-PublicEndpoint-CosmosDB obsolete True Policy Name
Policy Deny-PublicEndpoint-Sql 1.0.0 Mg esjh Deny-PublicEndpoint-Sql obsolete True Policy Name
Policy Deploy-vNet 1.0.0 Mg esjh Deploy-vNet obsolete True Policy Name
Policy Deploy-Sql-vulnerabilityAssessments 1.0.0 Mg esjh Deploy-Sql-vulnerabilityAssessments 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint 1.0.0 Mg esjh Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint obsolete True Policy Name
Policy Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint 1.0.0 Mg esjh Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint obsolete True Policy Name
Policy Deploy-Diagnostics-APIMgmt 1.0.0 Mg esjh Deploy-Diagnostics-APIMgmt 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-VNetGW 1.0.0 Mg esjh Deploy-Diagnostics-VNetGW 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-MlWorkspace 1.0.0 Mg esjh Deploy-Diagnostics-MlWorkspace 1.1.0 outDated True Policy Name AzA Link
Policy Deploy-Diagnostics-CDNEndpoints 1.0.0 Mg esjh Deploy-Diagnostics-CDNEndpoints 1.0.0 upToDate True Policy Name AzA Link
Policy Deny-RDP-From-Internet 1.0.0 Mg esjh Deny-RDP-From-Internet 1.0.0 upToDate True PolicyRule Hash, Policy Name AzA Link
Policy Deploy-FirewallPolicy 1.0.0 Mg esjh Deploy-FirewallPolicy 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-DataFactory 1.0.0 Mg esjh Deploy-Diagnostics-DataFactory 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-Diagnostics-ApplicationGateway 1.0.0 Mg esjh Deploy-Diagnostics-ApplicationGateway 1.0.0 upToDate True Policy Name AzA Link
Policy Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint 1.0.0 Mg esjh Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint obsolete True Policy Name
Policy Deploy-DNSZoneGroup-For-Table-PrivateEndpoint 1.0.0 Mg esjh Deploy-DNSZoneGroup-For-Table-PrivateEndpoint obsolete True Policy Name
Policy Deploy-Diagnostics-HDInsight 1.0.0 Mg esjh Deploy-Diagnostics-HDInsight 1.0.0 upToDate True Policy Name AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-DataExplorerCluster 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-SqlMi-minTLS 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Append-AppService-latestTLS 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-WVDAppGroup 1.0.1 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Databricks-Sku 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Custom-Route-Table 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-Aks 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Nsg-FlowLogs-to-LA 1.1.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-AVDScalingPlans 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-PostgreSQL-sslEnforcement 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-PostgreSql-http 1.0.1 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-AppServiceWebApp-http 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Sql-minTLS 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-VNET-Peering-To-Non-Approved-VNETs 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-ApiForFHIR 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-PublicNetworkAccess 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Append-Redis-disableNonSslPort 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Subnet-Without-UDR 2.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-WVDHostPools 1.1.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-ComputeCluster-Scale 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-HbiWorkspace 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Audit-MachineLearning-PrivateEndpointId 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-AppServiceFunctionApp-http 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Databricks-VirtualNetwork 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Append-Redis-sslEnforcement 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-MySQL-sslEnforcement 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-Bastion 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-SQL-minTLS 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-VNET-Peer-Cross-Sub 1.0.1 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-MediaService 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Databricks-NoPublicIp 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess 1.1.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Redis-http 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-Storage-minTLS 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-ASC-SecurityContacts 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-Compute-VmSize 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Storage-sslEnforcement 1.1.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MySql-http 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Append-AppService-httpsonly 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deploy-Diagnostics-WVDWorkspace 1.0.1 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-PublicAccessWhenBehindVnet 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-MachineLearning-Compute-SubnetId 1.0.0 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-VNet-Peering 1.0.1 False ALZ GitHub repository AzA Link
Policy n/a n/a n/a n/a Deny-AppServiceApiApp-http 1.0.0 False ALZ GitHub repository AzA Link
PolicySet Enforce-Encryption-CMK 1.0.0 Mg CUST_T5 Enforce-Encryption-CMK 1.0.0 upToDate True PolicySet Name, MetaData Tag AzA Link
PolicySet Deploy-Diag-LogAnalytics 1.0.0 Mg ESJH Deploy-Diag-LogAnalytics obsolete True PolicySet Name
PolicySet Deploy-Sql-Security 1.0.0 Mg ESJH Deploy-Sql-Security 1.0.0 upToDate True PolicySet Name AzA Link
PolicySet n/a n/a n/a n/a Deploy-Private-DNS-Zones 1.0.0 False ALZ GitHub repository AzA Link
PolicySet n/a n/a n/a n/a Deploy-MDFC-Config 3.0.0 False ALZ GitHub repository AzA Link
PolicySet n/a n/a n/a n/a Deny-PublicPaaSEndpoints 1.0.0 False ALZ GitHub repository AzA Link
PolicySet n/a n/a n/a n/a Enforce-EncryptTransit 1.0.0 False ALZ GitHub repository AzA Link
PolicySet n/a n/a n/a n/a Deploy-Diagnostics-LogAnalytics 1.1.0 False ALZ GitHub repository AzA Link
Download CSV semicolon | comma
PolicySet DisplayName PolicySetId Policy DisplayName PolicyId Deprecated Property
Deny or Audit resources without Encryption with a customer-managed key (CMK) /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest /providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd true
Download CSV semicolon | comma
Policy Assignment DisplayName Policy AssignmentId Policy/PolicySet PolicySet DisplayName PolicySetId Policy DisplayName PolicyId Deprecated Property
testDeprecatedAssignment /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d Policy n/a n/a [Deprecated]: Function App should only be accessible over HTTPS /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 True
Download CSV semicolon | comma
Scope Management Group Id Management Group Name SubscriptionId Subscription Name ResourceGroup ResourceName / ResourceType Exemption name Exemption description Category ExpiresOn (UTC) Exemption Id Policy AssignmentId Policy Type Policy Exempted Set Policies CreatedBy CreatedAt LastModifiedBy LastModifiedAt
MG ESJH-sandboxes ESJH-sandboxes ESJH-sandboxes - ASC-Monitoring Waiver expired 02/04/2021 23:00:00 /providers/Microsoft.Management/managementGroups/ESJH-sandboxes/providers/Microsoft.Authorization/policyExemptions/02752b36ec214097999f6b9b /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring PolicySet Azure Security Benchmark all 205 ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) 2021-01-25 22:29:14 ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) 2021-01-25 22:29:14
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone landingZone - ASC-Monitoring Waiver expired 02/03/2021 23:00:00 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/policyExemptions/95e48160397b4d21ac96d7ca /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Monitoring PolicySet Azure Security Benchmark all 205 ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) 2021-01-25 22:48:00 ESDeploymentAccount@AzGovViz.onmicrosoft.com (User) 2021-01-25 22:48:00

0 Policy assignments orphaned

Download CSV semicolon | comma
*Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Management Group Id Management Group Name SubscriptionId Subscription Name Inheritance ScopeExcluded Exemption applies Policy/Set DisplayName Policy/Set Description Policy/SetId Policy/Set Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName Assignment Description AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg ESJH ESJH thisScope Mg false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 45 9 26 2 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 3 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 3 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 3 4 3 12 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH ESJH thisScope Mg false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope Mg false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 3 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope Mg false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope Mg false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope Mg false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope Mg false false My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Policy Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope Mg false false myPipelinePolicy TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Policy Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 0 0 0 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network true Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope Mg false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 45 9 17 1 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 2 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 2 4 2 8 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 34 7 9 1 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 4 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-platform ESJH-platform inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 Joe Dalton 05/05/2021 19:52:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 n/a 07/06/2021 09:42:48 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 n/a 07/06/2021 10:32:34 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 n/a 07/06/2021 11:59:31 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 0 0 0 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 false false My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Policy Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 false false myPipelinePolicy TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Policy Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
Mg test01-EMEA_ID test01-EMEA inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 false false My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Policy Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 false false myPipelinePolicy TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Policy Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 false false 1234_AP_MG_RA_onSub 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Policy Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 false false My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Policy Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub no description given /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 false false myPipelinePolicy TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Policy Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 TEST - Policy for Monitoring whether Redis Cache has a non-SSL port enabled and the Minimum allowed TLS Version /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default VM should have a managed disk 0 0 0 0 0 none Audit VMs that do not use managed disks auditing that virtual machines use managed disk(s) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/988739f361d84a989dfa087e n/a 12/31/2021 10:03:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 12/31/2021 10:36:38 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub false false Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. /providers/microsoft.authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 PolicySet BuiltIn Security Center False n/a Default 0 0 0 0 0 none ASC DataProtection (subscription: a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) This policy assignment was automatically created by Azure Security Center /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/dataprotectionsecuritycenter Security Center 11/04/2021 06:36:03 ObjectType: SP App EXT, ObjectDisplayName: Windows Azure Security Resource Provider, ObjectSignInName: n/a, ObjectId: 9ac4e379-ffb1-4e2c-ac89-3752d019abfd (rp)
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub false false DiagSubscriptionsDim no description given /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157 Policy Custom n/a false DeployIfNotExists Alert=False, Autoscale=False, Policy=False, Recommendation=False, ResourceHealth=False, ServiceHealth=False, workspaceId=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 1 0 1 0 Log Analytics Contributor (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b), Log Analytics Contributor (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/8a2c62a5-a882-4427-af78-6c7af11325fa) e184b6792089442786621cfe (SPObjId: 71f8ba53-97da-4880-8d02-8b22176c9317) DiagSubscriptionsDim no description given /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe Joe Dalton 06/24/2022 15:46:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
RG test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub RG false false Flow logs should be enabled for every network security group Audit for flow log resources to verify if flow log status is enabled. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more. /providers/microsoft.authorization/policydefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be Policy BuiltIn Network False Audit Default flow logs should be enabled 0 0 0 0 0 none Flow logs should be enabled for every network security group no description given /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/prod_p1/providers/microsoft.authorization/policyassignments/f43bb064dd1e4745814be533 Joe Dalton 12/31/2021 13:58:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz thisScope Mg false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policyassignments/aa4f4fdfd3b04fb3962a9da9 Joe Dalton 07/15/2021 15:16:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 Joe Dalton 05/05/2021 19:52:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 n/a 07/06/2021 09:42:48 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 n/a 07/06/2021 10:32:34 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes false false Audit VMs that do not use managed disks This policy audits VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Policy BuiltIn Compute False audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks no description given /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 n/a 07/06/2021 11:59:31 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 0 0 0 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management thisScope Mg false false Deploy the Log Analytics in the subscription Deploys Log Analytics and Automation account to the subscription where the policy is assigned. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Policy Custom Monitoring true DeployIfNotExists automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) Deploy-Log-Analytics (SPObjId: 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) Deploy-Log-Analytics Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 34 7 9 1 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 4 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-management ESJH-management inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-management false false Deploy the Log Analytics in the subscription Deploys Log Analytics and Automation account to the subscription where the policy is assigned. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Policy Custom Monitoring true DeployIfNotExists automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) Deploy-Log-Analytics (SPObjId: 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) Deploy-Log-Analytics Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 34 7 9 1 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 4 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub false false 1234_API_MG_RA_onRG_(1234_RG_CUST) Creates RoleAssigment on RG /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) PolicySet Custom 1234_RgRoleAssignment false n/a aadObjectIdGroup=2aa667c2-7395-404a-8000-3f7b675680d4, aadObjectIdServicePrincipal=506ae68a-a1f7-42f7-9285-c54ef56a3006, roleDefinitionIdGroup=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c, roleDefinitionIdServicePrincipal=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9) 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 (SPObjId: 266be8b1-7aa5-466c-b0d0-8010d97473c4) no description given /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 n/a 09/15/2021 12:33:38 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network true Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 45 9 17 1 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 2 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 2 4 2 8 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg ESJH-online ESJH-online inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones true false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network true Deny Default 0 0 0 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 37 7 10 1 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 2 1 3 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false 1234_API_MG_RA_onRG_(1234_RG_CUST) Creates RoleAssigment on RG /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) PolicySet Custom 1234_RgRoleAssignment false n/a aadObjectIdGroup=2aa667c2-7395-404a-8000-3f7b675680d4, aadObjectIdServicePrincipal=506ae68a-a1f7-42f7-9285-c54ef56a3006, roleDefinitionIdGroup=/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c, roleDefinitionIdServicePrincipal=/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 2 0 1 0 Owner (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8) 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f (SPObjId: 06683a54-86ee-4248-9c50-4b3c47b855be) no description given /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f n/a 09/14/2021 16:55:57 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false [Deprecated]: Function App should only be accessible over HTTPS Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 Policy BuiltIn Security Center False AuditIfNotExists Default 0 0 0 0 0 none testDeprecatedAssignment no description given /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d n/a 07/18/2021 15:09:28 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub false false Audit virtual machines without disaster recovery configured Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. /providers/microsoft.authorization/policydefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Policy BuiltIn Compute False auditIfNotExists Default 0 0 0 0 0 none Audit virtual machines without disaster recovery configured no description given /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcee1466e4fc4114b5e5f03d Joe Dalton 06/16/2021 16:07:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Network interfaces should disable IP forwarding This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team. /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 Policy BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation Do not allow containers to run with privilege escalation to root in a Kubernetes cluster. This recommendation is part of CIS 5.2.5 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers Do not allow privileged containers creation in a Kubernetes cluster. This recommendation is part of CIS 5.2.1 which is intended to improve the security of your Kubernetes environments. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For more information, see https://aka.ms/kubepolicydoc. /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false RDP access from the Internet should be blocked This policy denies any network security rule that allows RDP access from Internet /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Policy Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Secure transfer to storage accounts should be enabled Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Policy BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Subnets should have a Network Security Group This policy denies the creation of a subsnet with out an Network Security Group. NSG help to protect traffic across subnet-level. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Policy Custom Network true Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters Use Azure Policy Add-on to manage and report on the compliance state of your Azure Kubernetes Service (AKS) clusters. For more information, see https://aka.ms/akspolicydoc. /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 Policy BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Auditing on SQL server should be enabled Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Policy BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy Enforce backup for all virtual machines by deploying a recovery services vault in the same location and resource group as the virtual machine. Doing this is useful when different application teams in your organization are allocated separate resource groups and need to manage their own backups and restores. You can optionally exclude virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMAppCentricBackupExcludeTag. /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Policy BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS Use of HTTPS ensures authentication and protects data in transit from network layer eavesdropping attacks. This capability is currently generally available for Kubernetes Service (AKS), and in preview for Azure Arc enabled Kubernetes. For more info, visit https://aka.ms/kubepolicydoc /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Policy BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption Enables transparent data encryption on SQL databases /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f Policy BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v3, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 PolicySet BuiltIn Security Center False n/a Default 38 4 7 0 0 none ASC-Monitoring ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. Deploys the Azure Defender settings in Azure Security Center for the specific services. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Policy Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace Deploys the diagnostic settings for Activity Log to stream to a Log Analytics workspace when any Activity Log which is missing this diagnostic settings is created or updated. The policy wil set the diagnostic with category enabled. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Policy Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics PolicySet Custom Monitoring true n/a logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 5 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring Deploy-VM-Monitoring v2 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad PolicySet BuiltIn Monitoring False n/a logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers Enable VM insights on servers and machines connected to Azure through Arc enabled servers by installing the Log Analytics virtual machine extension. VM insights uses the Log Analytics agent to collect the guest OS performance data, and provides insights into their performance. See more - https://aka.ms/vminsightsdocs. Deprecation notice: The Log Analytics agent is on a deprecation path and won't be supported after August 31, 2024. You must migrate to the replacement 'Azure Monitor agent' prior to that date. /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 Policy BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH false false Enforce Role assignment at Subscription Scope This Policy definition will enforce a RBAC Role assignment at Subscription scope. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Policy Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) no description given /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
RG ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG false false Deny the creation of private DNS - cust This policy denies the creation of a private DNS in the current scope, used in combination with policies that create centralized private DNS in connectivity subscription /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb Policy Custom Network-custom true Deny Default creation of private DNS prohibited 0 0 0 0 0 none Deny the creation of private DNS - cust no description given /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/d1212de8a8fd4184a8965eea Joe Dalton 05/02/2022 07:02:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
RG ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG false false API - Deny the creation of private DNS - cust no description given /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f PolicySet Custom Network-custom false n/a Default 0 0 0 0 0 none API - Deny the creation of private DNS - cust no description given /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/fab7aac62c1d419d87835c61 Joe Dalton 05/02/2022 07:08:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
RG ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG false false 1234Deny-ra-if-SPObjectId no description given /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/policydefinitions/8a9070c4-7eec-4b78-b044-62c20a06d1de Policy Custom n/a false deny Default 1 0 1 0 0 none 1234Deny-ra-if-SPObjectId no description given /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/policyassignments/fa0ac64635d34f42b8e052ba Joe Dalton 03/17/2022 15:07:17 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
Role Name RoleId Assignable Scopes Data CreatedOn CreatedBy UpdatedOn UpdatedBy
1234 PolicyAutomation 4rbacOnSubTest 685f2869-7bab-4ecd-9826-ade9cd454354 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) false 03/10/2022 07:28:00 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
1234 RoleAssignment bd9c9644-eade-4ab3-aaef-ac26fa369586 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) false 08/31/2021 06:10:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638) false 03/10/2022 13:28:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 07:49:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Contributor-0433 fcce8aa9-b8ea-4d43-a930-af0cf1fdbc55 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e) false 05/02/2022 05:05:18 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
CustRole_P_9982_176 6b44d6da-5658-444e-a36d-ce64b14011ab 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false 05/18/2021 18:03:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 05/18/2021 18:23:40 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
CustRole_P_9982_178 fc14b032-e6e8-440b-a328-f55918e8c83e 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false 06/16/2021 10:10:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Task4638Role 8808ebf9-4602-4635-a9b8-6c0f002695be 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) false 01/25/2021 22:22:09 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
test_ReaderRestricted 5cceafe8-fd60-4928-8fd3-c936158ad756 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) false 12/31/2021 11:21:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
testRole3366 f548f1ea-48f1-4a74-9061-b5dacacf514a 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f) false 07/18/2021 15:22:38 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 07/19/2021 19:45:44 ObjectType: User Member, ObjectDisplayName: Jack Dalton, ObjectSignInName: JackDalton@AzGovViz.onmicrosoft.com, ObjectId: c64d2776-a210-428f-b54f-a4a5dd7f8ef8
testRole3367 f7028056-3a12-43ac-a499-0d1844a02240 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466) false 08/04/2021 15:34:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
testRole3368 08a2d627-a94e-461e-8350-432b457d00a3 1 (/providers/microsoft.management/managementgroups/esjhdev) false 08/04/2021 15:36:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
Role Name RoleId Assignable Scopes
1234 PolicyAutomation 4rbacOnSubTest 685f2869-7bab-4ecd-9826-ade9cd454354 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638)
1234 RoleAssignment bd9c9644-eade-4ab3-aaef-ac26fa369586 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638)
Contributor-0433 fcce8aa9-b8ea-4d43-a930-af0cf1fdbc55 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e)
CustRole_P_9982_176 6b44d6da-5658-444e-a36d-ce64b14011ab 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466)
CustRole_P_9982_178 fc14b032-e6e8-440b-a328-f55918e8c83e 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466)
Task4638Role 8808ebf9-4602-4635-a9b8-6c0f002695be 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f)
test_ReaderRestricted 5cceafe8-fd60-4928-8fd3-c936158ad756 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2)
testRole3366 f548f1ea-48f1-4a74-9061-b5dacacf514a 1 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f)
testRole3367 f7028056-3a12-43ac-a499-0d1844a02240 1 (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466)
testRole3368 08a2d627-a94e-461e-8350-432b457d00a3 1 (/providers/microsoft.management/managementgroups/esjhdev)
Download CSV semicolon | comma
Role AssignmentId Role Name RoleId Impacted Mg/Sub
/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Mg: 14; Sub: 4
/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Mg: 3; Sub: 1
Download CSV semicolon | comma
Subscription SubscriptionId MgPath Role Identity
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f ServiceAdministrator its.joe.dalton@azgovviz.net
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 ServiceAdministrator its.joe.dalton@azgovviz.net
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 ServiceAdministrator its.joe.dalton@azgovviz.net
Download CSV semicolon | comma
*Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Management Group Id Management Group Name SubscriptionId Subscription Name Assignment Scope Role Role Id Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details PIM PIM assignment type PIM start PIM end Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
Ten 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg 896470ca-9c6e-4176-9b38-5a655403c638 Tenant Root Group thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH ESJH inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH ESJH inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH ESJH thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHDEV ESJHDEV inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHDEV ESJHDEV inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHDEV ESJHDEV thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/esjhdev/providers/microsoft.authorization/roleassignments/983c43f8-1c29-4c73-9816-b69d38226be4 none 07/06/2021 13:09:24 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHQA ESJHQA inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJHQA ESJHQA inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false False group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group direct 0 (Usr: 0, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/e010f291-49a9-4d4b-be4d-55c6aeb164cd none 08/06/2021 09:30:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false False group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group indirect group05OneMemberGroupWithNoMembers (c57f8838-1603-4932-b3c4-9572feea9173) 1 (Usr: 0, Grp: 1, SP: 0) False /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 08/06/2021 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false False group05OneMemberGroupWithNoMembers n/a c57f8838-1603-4932-b3c4-9572feea9173 Group direct 1 (Usr: 0, Grp: 1, SP: 0) False /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 08/06/2021 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJHQA ESJHQA thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 none 07/06/2021 10:02:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01 test01 inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01 test01 inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01 test01 thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
Mg test01 test01 thisScope MG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01 test01 thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-decommissioned ESJH-decommissioned inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Ten ESJH-decommissioned ESJH-decommissioned inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-decommissioned ESJH-decommissioned inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned thisScope MG Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false False Jesse James Jesse.James@AzGovViz.onmicrosoft.com 6f71f3b7-98e1-4821-8116-13b41476ef84 User Member direct False /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/9bdf3098-8e69-4e98-bd8c-22b991783b10 none 06/16/2021 09:52:59 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-decommissioned ESJH-decommissioned thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Ten ESJH-landingzones ESJH-landingzones inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-landingzones ESJH-landingzones inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-landingzones ESJH-landingzones thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-landingzones ESJH-landingzones thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-platform ESJH-platform inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Ten ESJH-platform ESJH-platform inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-platform ESJH-platform inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-platform ESJH-platform thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-sandboxes ESJH-sandboxes inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Ten ESJH-sandboxes ESJH-sandboxes inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-sandboxes ESJH-sandboxes inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-sandboxes ESJH-sandboxes thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-sandboxes ESJH-sandboxes thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 07/05/2021 08:20:09 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01-APAC_ID test01-APAC inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01-APAC_ID test01-APAC inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01-APAC_ID test01-APAC inherited test01 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
Mg test01-APAC_ID test01-APAC inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-APAC_ID test01-APAC thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01-apac_id/providers/microsoft.authorization/roleassignments/d53a075b-ed91-4ece-b9e4-86c5a57d50bf none 01/31/2022 05:19:20 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01-EMEA_ID test01-EMEA inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01-EMEA_ID test01-EMEA inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01-EMEA_ID test01-EMEA inherited test01 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
Mg test01-EMEA_ID test01-EMEA inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 none 12/31/2021 09:59:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct False /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 inherited test01-EMEA_ID Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 none 12/31/2021 09:59:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd none 03/10/2022 18:47:54 ObjectType: SP MI Sys, ObjectDisplayName: 5f9ec45db52f479e940fc150, ObjectSignInName: n/a, ObjectId: 84a55248-e141-4ea6-b6ad-23791f5e8980
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd none 03/10/2022 18:47:54 ObjectType: SP MI Sys, ObjectDisplayName: 5f9ec45db52f479e940fc150, ObjectSignInName: n/a, ObjectId: 84a55248-e141-4ea6-b6ad-23791f5e8980
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 Builtin false False e184b6792089442786621cfe n/a 71f8ba53-97da-4880-8d02-8b22176c9317 SP MI Sys direct False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe (DiagSubscriptionsDim) 06/24/2022 15:46:27 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user00 user00@AzGovViz.onmicrosoft.com 05687e51-8ebb-4a06-9eae-9e9786f79090 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False mi4439 n/a 4b8bce68-e5f3-47d9-9420-66187e697c64 SP MI Usr direct False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/76c168f5-9ca6-4e1f-bc44-f7cf435a9e12 none 01/08/2022 16:38:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group direct 0 (Usr: 0, Grp: 0, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/d13dccbe-d20e-46c5-9459-fbff922e2b22 none 03/11/2022 07:33:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group01 n/a 66f4e0b3-13af-4c93-ad43-67042ed760e5 Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user01 user01@AzGovViz.onmicrosoft.com 7dd8e665-9277-4bbb-94f9-ff278ceff8c0 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group02 n/a 903a7f87-c183-4962-8983-c793a77f18bf Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group00 n/a c1916fdd-08d8-439e-a329-d540c6f002a8 Group direct 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user02 user02@AzGovViz.onmicrosoft.com cb317eea-8af2-4cb8-bde5-516e0b951f1b User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/9e637076-9509-527b-bd3f-0e6f82553205 none 03/10/2022 13:52:48 ObjectType: SP MI Sys, ObjectDisplayName: a2d9426ccece4000b889c72f, ObjectSignInName: n/a, ObjectId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7
Sub test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/9e637076-9509-527b-bd3f-0e6f82553205 none 03/10/2022 13:52:48 ObjectType: SP MI Sys, ObjectDisplayName: a2d9426ccece4000b889c72f, ObjectSignInName: n/a, ObjectId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7
RG test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False William Dalton william.dalton@AzGovViz.onmicrosoft.com 3c99d2bc-12b3-4f4f-87a6-c673aed4628c User Member direct False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/dev_p1/providers/microsoft.authorization/roleassignments/c2c51f92-01fe-4a69-b508-1ec383a595f1 none 12/31/2021 13:54:48 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res test01-EMEA_ID test01-EMEA a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 thisScope Sub RG Res Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7 Builtin false False William Dalton william.dalton@AzGovViz.onmicrosoft.com 3c99d2bc-12b3-4f4f-87a6-c673aed4628c User Member direct False /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/prod_p1/providers/microsoft.network/networksecuritygroups/nsgx_p1/providers/microsoft.authorization/roleassignments/b7794256-353c-4e73-89d1-d300ceb8cacd none 12/31/2021 13:57:18 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg CUST_T5 CUST_T5 atz inherited ESJH-sandboxes Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 07/05/2021 08:20:09 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Ten CUST_T5 CUST_T5 atz inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten CUST_T5 CUST_T5 atz inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg CUST_T5 CUST_T5 atz thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/roleassignments/3c72bcce-6116-4d33-9f8a-927083beee40 none 05/18/2021 18:14:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management inherited ESJH-platform Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-management ESJH-management inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-management ESJH-management inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics (Deploy the Log Analytics in the subscription) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 none 01/10/2021 20:56:58 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-management Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics (Deploy the Log Analytics in the subscription) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-management Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 none 01/10/2021 20:56:58 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited ESJH-platform Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipelineDev n/a 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4 SP APP INT direct False /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/dcf8128a-c871-401d-8b3a-1114552cdf25 none 10/27/2021 14:07:20 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 n/a 266be8b1-7aa5-466c-b0d0-8010d97473c4 SP MI Sys direct False /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9 /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 (1234_API_MG_RA_onRG_(1234_RG_CUST)) 09/15/2021 12:53:08 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
Sub ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ra0 n/a 862a78e3-3e64-4272-a758-c987b2410718 Group direct 0 (Usr: 0, Grp: 0, SP: 0) False /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/5027d9f5-dfe7-56e3-a185-5454d92ed309 none 03/16/2022 23:58:30 ObjectType: SP MI Sys, ObjectDisplayName: enforce0, ObjectSignInName: n/a, ObjectId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16
RG ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member direct False /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/nsg/providers/microsoft.authorization/roleassignments/1fe0074e-959c-4d3e-9478-9dc99a34062a none 05/18/2021 17:59:58 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res ESJH-management ESJH-management f28ba982-5ed0-4033-9bdf-e45e4b5df466 management thisScope Sub RG Res Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 Builtin false False e184b6792089442786621cfe n/a 71f8ba53-97da-4880-8d02-8b22176c9317 SP MI Sys direct False /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/8a2c62a5-a882-4427-af78-6c7af11325fa /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe (DiagSubscriptionsDim) 06/24/2022 15:48:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 01/10/2021 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited ESJH-online Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 01/10/2021 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect group03 (e2390190-219f-419f-bdfa-a9f5cc3698cc) 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 07/21/2021 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/70e14253-25d3-447f-9356-ac32985062a4 none 07/19/2021 19:31:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True group03 n/a e2390190-219f-419f-bdfa-a9f5cc3698cc Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 07/21/2021 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipelineNonProd n/a 192e9bab-be5b-4f6f-9e89-a4c80e638e43 SP APP INT direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/66eb6b8e-95e1-472f-9ab1-91115194ec0e none 10/27/2021 14:07:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Monitoring Reader 43d0d8ad-25c7-4714-9337-8ba259a9fe05 Builtin false False Jolly Jumper JollyJumper@AzGovViz.onmicrosoft.com 192ff2e5-52de-4c93-b220-f9ced74068b0 User Member direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/79041f69-fb87-4da7-8676-6431f7ad43a8 none 01/25/2021 22:11:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Tag Contributor 4a9ae827-6dc8-4573-8ac7-8239d42aa03f Builtin false False Tag Bert TagBert@AzGovViz.onmicrosoft.com 9e1643fe-b887-4a53-9071-56801236f719 User Member direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/1dd61049-04b7-4058-af49-01f9b83159b2 none 07/22/2021 08:57:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f n/a 06683a54-86ee-4248-9c50-4b3c47b855be SP MI Sys direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f (1234_API_MG_RA_onRG_(1234_RG_CUST)) 09/14/2021 16:57:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/68463d6a-5bd9-4d2b-8607-cb12a73d3c53 none 05/13/2021 12:05:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/2754101a-9df1-48e7-ae2a-836f23710ed7 none 07/19/2021 19:43:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user00 user00@AzGovViz.onmicrosoft.com 05687e51-8ebb-4a06-9eae-9e9786f79090 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/cfd94c09-b2ea-4f72-b63a-31a0e14c3834 none 04/27/2022 21:23:41 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group01 n/a 66f4e0b3-13af-4c93-ad43-67042ed760e5 Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user01 user01@AzGovViz.onmicrosoft.com 7dd8e665-9277-4bbb-94f9-ff278ceff8c0 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ra0 n/a 862a78e3-3e64-4272-a758-c987b2410718 Group direct 0 (Usr: 0, Grp: 0, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/a45b2d11-f939-572e-8672-c221fa4f8396 none 03/16/2022 23:58:28 ObjectType: SP MI Sys, ObjectDisplayName: enforce0, ObjectSignInName: n/a, ObjectId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group02 n/a 903a7f87-c183-4962-8983-c793a77f18bf Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group00 n/a c1916fdd-08d8-439e-a329-d540c6f002a8 Group direct 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False mi5640 n/a c269faa6-e208-4ff7-a74b-0bd6902f2f50 SP MI Usr direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/51d44b26-f5d2-4c7e-ae24-ef25fc53613b none 01/07/2022 18:36:28 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user02 user02@AzGovViz.onmicrosoft.com cb317eea-8af2-4cb8-bde5-516e0b951f1b User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False mi5639 n/a f84fb916-e925-41d8-afdc-7bfa1a32d65a SP MI Usr direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/0e7d83a8-0588-4ef3-8acd-4cddecf0076c none 01/07/2022 16:52:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub Managed Application Operator Role c7393b34-138c-406f-901b-d8cf2b17e6ae Builtin false False RPSaaS Meta RP n/a 91c60235-9208-499d-9887-416059ab970f SP APP EXT direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/e88742ee-5622-40d2-9a00-c5e3080a8a16 none 11/03/2021 10:52:06 IsNullOrEmpty
RG ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub RG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 1234_DevOpsSP n/a 506ae68a-a1f7-42f7-9285-c54ef56a3006 SP APP INT direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/1234_rg_cust_tim_210914-185704/providers/microsoft.authorization/roleassignments/c2b45172-8770-5359-a734-6574525a0e6b none 09/14/2021 16:58:20 ObjectType: SP MI Sys, ObjectDisplayName: 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, ObjectSignInName: n/a, ObjectId: 06683a54-86ee-4248-9c50-4b3c47b855be
RG ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234_DevOpsGroup n/a 2aa667c2-7395-404a-8000-3f7b675680d4 Group direct 0 (Usr: 0, Grp: 0, SP: 0) False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/1234_rg_cust_tim_210914-185704/providers/microsoft.authorization/roleassignments/e4754ccf-e384-5c83-992d-0a7a35fcc732 none 09/14/2021 16:58:20 ObjectType: SP MI Sys, ObjectDisplayName: 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, ObjectSignInName: n/a, ObjectId: 06683a54-86ee-4248-9c50-4b3c47b855be
Res ESJH-online ESJH-online 4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone thisScope Sub RG Res Storage Blob Data Reader 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 Builtin true False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/projectb/providers/microsoft.storage/storageaccounts/sa6749/providers/microsoft.authorization/roleassignments/a04a9b5a-9262-4b83-921b-b68d7f7b56a8 none 09/24/2022 13:14:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited ESJH-online Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 01/10/2021 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
Ten ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Ten ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct False /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/roleassignments/864998c3-485a-4a14-9266-db57615348c2 none 02/22/2022 08:18:17 IsNullOrEmpty
Sub ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ra0 n/a 862a78e3-3e64-4272-a758-c987b2410718 Group direct 0 (Usr: 0, Grp: 0, SP: 0) False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/roleassignments/79c80373-cc03-5188-bffa-f43f48c2efba none 03/16/2022 23:58:28 ObjectType: SP MI Sys, ObjectDisplayName: enforce0, ObjectSignInName: n/a, ObjectId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16
RG ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/roleassignments/d7548269-bcb4-4d43-a81c-d015d9c696e3 none 03/17/2022 15:07:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
RG ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/roleassignments/d7548269-bcb4-4d43-a81c-d015d9c696e3 none 03/17/2022 15:07:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/8b655714-1947-47c2-ad4d-2d1afb15d852 none 05/19/2022 14:10:27 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/893d3984-7785-44dc-bcba-89a0baa2d38a none 09/15/2022 07:17:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/e94c2097-5257-4a68-aad4-0fd0e3a91442 none 05/19/2022 16:42:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/7f38ec43-e240-436f-84e3-c1e1d975737d none 05/21/2022 06:41:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res ESJH-online ESJH-online 20217969-e578-4e91-beea-9bcf18b05a7e payg1 thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/bd93a3a3-1d3a-4e39-a509-10d07112b462 none 05/20/2022 16:33:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

No PIM Eligibility

0 Custom Role definitions Owner permissions (Tenant wide)

Download CSV semicolon | comma
Role Name RoleId Type Role assignments Assignable Scopes
1234 PolicyAutomation 4rbacOnSubTest 685f2869-7bab-4ecd-9826-ade9cd454354 Custom 0 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638)
1234 RoleAssignment bd9c9644-eade-4ab3-aaef-ac26fa369586 Custom 0 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638)
1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom 4 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1 (/providers/Microsoft.Management/managementGroups/896470ca-9c6e-4176-9b38-5a655403c638)
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 BuiltIn 36 (/providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99, /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b, /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d, /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/roleassignments/3c72bcce-6116-4d33-9f8a-927083beee40, /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c, /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88, /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f, /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345, /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5, /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6, /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1, /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a, /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67, /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5, /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e, /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171, /providers/microsoft.management/managementgroups/esjhdev/providers/microsoft.authorization/roleassignments/983c43f8-1c29-4c73-9816-b69d38226be4, /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7, /providers/microsoft.management/managementgroups/test01-apac_id/providers/microsoft.authorization/roleassignments/d53a075b-ed91-4ece-b9e4-86c5a57d50bf, /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67, /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/roleassignments/864998c3-485a-4a14-9266-db57615348c2, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/2754101a-9df1-48e7-ae2a-836f23710ed7, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/68463d6a-5bd9-4d2b-8607-cb12a73d3c53, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8, /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9)
Role Based Access Control Administrator (Preview) f58310d9-a9f6-439a-9e8d-f62e7b41a168 BuiltIn 0
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 BuiltIn 4 (/providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/6bbd9ae3-1189-40bb-8170-7e8674b79159, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/70e14253-25d3-447f-9356-ac32985062a4)
Download CSV semicolon | comma
Role Name RoleId Role Assignment ServicePrincipal (ObjId) Impacted Mg/Sub
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b AzOps (c295384a-33d9-475e-abaf-d2fb0274299a) Mg: 14; Sub: 4
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f Enforce-SQL-Encryption (34520a11-7b14-46a8-ac34-7d766959460a) Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 Deploy-AKS-Policy (fb0a7498-393f-434d-aa93-2acd144f489f) Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 Deploy-VM-Backup (e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 Deploy-SQL-DB-Auditing (4f3a2551-ea2f-43c6-9623-8950156d19b7) Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a Deploy-Log-Analytics (2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 Deploy-VMSS-Monitoring (a3a4908f-b068-455e-a3f5-38cc5e00448f) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed Deploy-WS-Arc-Monitoring (b0bdcb08-09c9-4d9d-957e-963d255e7220) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc Deploy-Resource-Diag (e51576ad-748d-462b-9d70-cb3b03e6c2e6) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf Deploy-ASC-Security (4cb4c797-237b-4e64-b2cf-66f841700442) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 Deploy-VM-Monitoring (065dde0b-5eab-4fce-80ee-ec956e94c498) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 enforce0 (79d69f2f-2fbe-409e-84c3-3e510c18fd16) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf Deploy-LX-Arc-Monitoring (9ed01b2b-9311-41a8-8897-0a329047be49) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e Deploy-AzActivity-Log (1691aa06-da2e-43f0-98f9-af12494603a9) Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjhdev/providers/microsoft.authorization/roleassignments/983c43f8-1c29-4c73-9816-b69d38226be4 AzOps (c295384a-33d9-475e-abaf-d2fb0274299a) Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 AzOps (c295384a-33d9-475e-abaf-d2fb0274299a) Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f (06683a54-86ee-4248-9c50-4b3c47b855be) Mg: 0; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 (266be8b1-7aa5-466c-b0d0-8010d97473c4) Mg: 0; Sub: 1
Download CSV semicolon | comma
Role Name RoleId Role Assignment Obj Type Obj DisplayName Obj SignInName ObjId Impacted Mg/Sub
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 14; Sub: 4
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b ServicePrincipal AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a Mg: 14; Sub: 4
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 14; Sub: 4
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/roleassignments/3c72bcce-6116-4d33-9f8a-927083beee40 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f ServicePrincipal Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 ServicePrincipal Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 ServicePrincipal Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 ServicePrincipal Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 Mg: 2; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a ServicePrincipal Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 1; Sub: 2
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 2; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 2; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 ServicePrincipal Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed ServicePrincipal Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc ServicePrincipal Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf ServicePrincipal Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 ServicePrincipal Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 ServicePrincipal enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf ServicePrincipal Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e ServicePrincipal Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 User ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 Mg: 8; Sub: 3
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjhdev/providers/microsoft.authorization/roleassignments/983c43f8-1c29-4c73-9816-b69d38226be4 ServicePrincipal AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 ServicePrincipal AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/test01-apac_id/providers/microsoft.authorization/roleassignments/d53a075b-ed91-4ece-b9e4-86c5a57d50bf User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 1; Sub: 0
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 1; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f Unknown n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Mg: 3; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 3; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/roleassignments/864998c3-485a-4a14-9266-db57615348c2 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 0; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/2754101a-9df1-48e7-ae2a-836f23710ed7 User Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 Mg: 0; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/68463d6a-5bd9-4d2b-8607-cb12a73d3c53 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 0; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8 ServicePrincipal 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f n/a 06683a54-86ee-4248-9c50-4b3c47b855be Mg: 0; Sub: 1
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9 ServicePrincipal 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 n/a 266be8b1-7aa5-466c-b0d0-8010d97473c4 Mg: 0; Sub: 1
Download CSV semicolon | comma
Role Name RoleId Role Assignment Obj Type Obj DisplayName Obj SignInName ObjId Impacted Mg/Sub
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 User Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a Mg: 14; Sub: 4
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 ServicePrincipal MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 Mg: 3; Sub: 1
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/70e14253-25d3-447f-9356-ac32985062a4 User Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 Mg: 0; Sub: 1
Download CSV semicolon | comma
Role Name RoleId Role Assignment Obj Type Obj DisplayName Obj SignInName ObjId Assignment direct/indirect
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 User Guest Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 direct
User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/70e14253-25d3-447f-9356-ac32985062a4 User Guest Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 direct

0 Blueprint definitions

0 Blueprint assignments

0 Orphaned Blueprint definitions

Download CSV semicolon | comma
Level ManagementGroup ManagementGroup Id Mg children (total) Mg children (direct) Sub children (total) Sub children (direct) MG MDfC Score Cost (30d) Path
0 Tenant Root Group 896470ca-9c6e-4176-9b38-5a655403c638 13 4 4 0 28.57 0.60 EUR generated by 2 Resources (1 ResourceTypes) in 2 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638
1 ESJH ESJH 7 4 3 0 n/a 0.59 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH
1 ESJHDEV ESJHDEV 0 0 0 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJHDEV
1 ESJHQA ESJHQA 0 0 0 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJHQA
1 test01 test01 2 2 1 0 28.57 0.01 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/test01
2 ESJH-decommissioned ESJH-decommissioned 0 0 0 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-decommissioned
2 ESJH-landingzones ESJH-landingzones 1 1 2 0 n/a 0.59 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones
2 ESJH-platform ESJH-platform 1 1 1 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform
2 ESJH-sandboxes ESJH-sandboxes 1 1 0 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes
2 test01-APAC test01-APAC_ID 0 0 0 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-APAC_ID
2 test01-EMEA test01-EMEA_ID 0 0 1 1 28.57 0.01 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID
3 CUST_T5 atz CUST_T5 0 0 0 0 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes/CUST_T5
3 ESJH-management ESJH-management 0 0 1 1 n/a no consumption data available 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management
3 ESJH-online ESJH-online 0 0 2 2 n/a 0.59 EUR generated by 1 Resources (1 ResourceTypes) in 1 Subscriptions 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online

Hierarchy Settings | Default Management Group Id: 'ESJH-online' docs

Hierarchy Settings | Require authorization for Management Group creation: 'False' docs

Supported Microsoft Azure offers docs
Understand Microsoft Defender for Cloud Secure Score Video , Blog , docs
Download CSV semicolon | comma
Subscription SubscriptionId QuotaId Role assignment limit Tags Sub MDfC Score Cost (30d) Currency Path
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f PayAsYouGo_2014-09-01 4000 'costCenter':'4711', 'existingtag':'blaaa', 'TechnicalContact':'me', 'testtag':'testvalue5', 'testtag2':'blub' 5 of 19 points 0.59 EUR 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 PayAsYouGo_2014-09-01 4000 'costCenter':'4876' 5 of 15 points 0 n/a 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 PayAsYouGo_2014-09-01 4000 'responsible':'Jack Dalton jdalton' 4 of 14 points 0.01 EUR 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2
payg1 20217969-e578-4e91-beea-9bcf18b05a7e PayAsYouGo_2014-09-01 4000 'TechnicalContact':'me' n/a 0 n/a 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e

0 Subscriptions out-of-scope

Resource naming and tagging decision guide docs
Download CSV semicolon | comma
Scope TagName Count
AllScopes costCenter 5
AllScopes existingtag 4
AllScopes ms-resource-usage 1
AllScopes Responsible 4
AllScopes tagKey1 2
AllScopes tagKey2 2
AllScopes TechnicalContact 3
AllScopes testtag 3
AllScopes testtag2 4
AllScopes testtagbase 1
Resource costCenter 3
Resource existingtag 2
Resource ms-resource-usage 1
Resource Responsible 2
Resource tagKey1 2
Resource tagKey2 2
Resource TechnicalContact 1
Resource testtag 1
Resource testtag2 2
Resource testtagbase 1
ResourceGroup existingtag 1
ResourceGroup Responsible 1
ResourceGroup testtag 1
ResourceGroup testtag2 1
Subscription costCenter 2
Subscription existingtag 1
Subscription responsible 1
Subscription TechnicalContact 2
Subscription testtag 1
Subscription testtag2 1
Download CSV semicolon | comma
ResourceType Resource Count
microsoft.automation/automationaccounts 1
microsoft.automation/automationaccounts/runbooks 1
microsoft.keyvault/vaults 1
microsoft.logic/workflows 3
microsoft.managedidentity/userassignedidentities 4
microsoft.network/networksecuritygroups 12
microsoft.network/networkwatchers 2
microsoft.network/routetables 10
microsoft.network/virtualnetworks 2
microsoft.operationalinsights/workspaces 1
microsoft.operationsmanagement/solutions 10
microsoft.storage/storageaccounts 3
microsoft.web/serverfarms 1
microsoft.web/sites 1
Download CSV semicolon | comma
ResourceType Location Resource Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.keyvault/vaults westeurope 1
microsoft.logic/workflows northcentralus 1
microsoft.logic/workflows northeurope 1
microsoft.logic/workflows westeurope 1
microsoft.managedidentity/userassignedidentities northeurope 2
microsoft.managedidentity/userassignedidentities westeurope 2
microsoft.network/networksecuritygroups eastus 3
microsoft.network/networksecuritygroups northeurope 2
microsoft.network/networksecuritygroups southafricanorth 1
microsoft.network/networksecuritygroups westeurope 6
microsoft.network/networkwatchers northeurope 1
microsoft.network/networkwatchers westeurope 1
microsoft.network/routetables northcentralus 5
microsoft.network/routetables northeurope 1
microsoft.network/routetables southafricanorth 1
microsoft.network/routetables westeurope 3
microsoft.network/virtualnetworks northeurope 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts eastus 1
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
microsoft.web/serverfarms westeurope 1
microsoft.web/sites westeurope 1

No Resource fluctuation since last run

CAF - Recommended abbreviations for Azure resource types docs
Resource details can be found in the CSV output *_ResourcesAll.csv
Download CSV semicolon | comma
ResourceType Recommendation ResourceFriendlyName passed failed passed percentage
microsoft.automation/automationaccounts aa- Automation account 0 1 0%
microsoft.keyvault/vaults kv- Key vault 0 1 0%
microsoft.logic/workflows logic- Logic apps 3 0 100%
microsoft.managedidentity/userassignedidentities id- Managed Identity 0 4 0%
microsoft.network/networksecuritygroups nsg- Network security group (NSG) 0 12 0%
microsoft.network/networkwatchers nw- Network Watcher 0 2 0%
microsoft.network/routetables rt- Route table 0 10 0%
microsoft.network/virtualnetworks vnet- Virtual network 1 1 50%
microsoft.operationalinsights/workspaces log- Log Analytics workspace 0 1 0%
microsoft.storage/storageaccounts st, stvm Storage account, VM storage account 0 3 0%
microsoft.web/serverfarms plan- App Service plan 0 1 0%
microsoft.web/sites app-, func-, ase- Web app, Function app, App Service environment 0 1 0%
'Azure Orphan Resources' ARG queries and workbooks GitHub
Resource details can be found in the CSV output *_ResourcesOrphaned.csv
Download CSV semicolon | comma
ResourceType Resource count Subscriptions count Intent Cost (30 days) Currency
microsoft.network/networksecuritygroups 12 4 misconfiguration
microsoft.network/routetables 10 4 misconfiguration
microsoft.resources/subscriptions/resourcegroups 799 4 clean up
Download CSV semicolon | comma
Provider Registered Registering NotRegistered Unregistering
Dell.Storage 0 0 4 0
Dynatrace.Observability 0 0 4 0
Microsoft.AAD 1 0 3 0
microsoft.aadiam 1 0 3 0
Microsoft.Addons 1 0 3 0
Microsoft.ADHybridHealthService 4 0 0 0
Microsoft.Advisor 4 0 0 0
Microsoft.AgFoodPlatform 1 0 3 0
Microsoft.AlertsManagement 1 0 3 0
Microsoft.AnalysisServices 1 0 3 0
Microsoft.AnyBuild 1 0 3 0
Microsoft.ApiManagement 1 0 3 0
Microsoft.ApiSecurity 0 0 4 0
Microsoft.App 0 0 4 0
Microsoft.AppAssessment 2 0 2 0
Microsoft.AppComplianceAutomation 0 0 4 0
Microsoft.AppConfiguration 2 0 2 0
Microsoft.AppPlatform 2 0 2 0
Microsoft.Attestation 1 0 3 0
Microsoft.Authorization 4 0 0 0
Microsoft.Automanage 1 0 3 0
Microsoft.Automation 2 0 2 0
Microsoft.AutonomousDevelopmentPlatform 1 0 3 0
Microsoft.AutonomousSystems 1 0 3 0
Microsoft.AVS 1 0 3 0
Microsoft.AzureActiveDirectory 1 0 3 0
Microsoft.AzureArcData 1 0 3 0
Microsoft.AzureCIS 1 0 3 0
Microsoft.AzureData 1 0 3 0
Microsoft.AzurePercept 0 0 4 0
Microsoft.AzureScan 0 0 4 0
Microsoft.AzureSphere 1 0 3 0
Microsoft.AzureSphereGen2 0 0 4 0
Microsoft.AzureSphereV2 0 0 4 0
Microsoft.AzureStack 1 0 3 0
Microsoft.AzureStackHCI 1 0 3 0
Microsoft.BackupSolutions 0 0 4 0
Microsoft.BareMetalInfrastructure 1 0 3 0
Microsoft.Batch 1 0 3 0
Microsoft.Billing 4 0 0 0
Microsoft.BillingBenefits 0 0 4 0
Microsoft.Bing 1 0 3 0
Microsoft.BlockchainTokens 1 0 3 0
Microsoft.Blueprint 1 0 3 0
Microsoft.BotService 1 0 3 0
Microsoft.Cache 1 0 3 0
Microsoft.Capacity 1 0 3 0
Microsoft.Cascade 1 0 3 0
Microsoft.Cdn 1 0 3 0
Microsoft.CertificateRegistration 1 0 3 0
Microsoft.ChangeAnalysis 1 0 3 0
Microsoft.Chaos 1 0 3 0
Microsoft.ClassicCompute 1 0 3 0
Microsoft.ClassicInfrastructureMigrate 1 0 3 0
Microsoft.ClassicNetwork 1 0 3 0
Microsoft.ClassicStorage 1 0 3 0
Microsoft.ClassicSubscription 4 0 0 0
Microsoft.CloudTest 0 0 4 0
Microsoft.CodeSigning 0 0 4 0
Microsoft.Codespaces 1 0 3 0
Microsoft.CognitiveServices 1 0 3 0
Microsoft.Commerce 4 0 0 0
Microsoft.Communication 1 0 3 0
Microsoft.Compute 2 0 2 0
Microsoft.ConfidentialLedger 1 0 3 0
Microsoft.Confluent 1 0 3 0
Microsoft.ConnectedCache 1 0 3 0
microsoft.connectedopenstack 0 0 4 0
Microsoft.ConnectedVehicle 1 0 3 0
Microsoft.ConnectedVMwarevSphere 1 0 3 0
Microsoft.Consumption 4 0 0 0
Microsoft.ContainerInstance 2 0 2 0
Microsoft.ContainerRegistry 2 0 2 0
Microsoft.ContainerService 2 0 2 0
Microsoft.CostManagement 4 0 0 0
Microsoft.CostManagementExports 1 0 3 0
Microsoft.CustomerLockbox 1 0 3 0
Microsoft.CustomProviders 2 0 2 0
Microsoft.D365CustomerInsights 1 0 3 0
Microsoft.Dashboard 0 0 4 0
Microsoft.DataBox 1 0 3 0
Microsoft.DataBoxEdge 1 0 3 0
Microsoft.Databricks 1 0 3 0
Microsoft.DataCatalog 1 0 3 0
Microsoft.DataCollaboration 1 0 3 0
Microsoft.Datadog 1 0 3 0
Microsoft.DataFactory 1 0 3 0
Microsoft.DataLakeAnalytics 1 0 3 0
Microsoft.DataLakeStore 1 0 3 0
Microsoft.DataMigration 1 0 3 0
Microsoft.DataProtection 1 0 3 0
Microsoft.DataReplication 0 0 4 0
Microsoft.DataShare 1 0 3 0
Microsoft.DBforMariaDB 1 0 3 0
Microsoft.DBforMySQL 1 0 3 0
Microsoft.DBforPostgreSQL 1 0 3 0
Microsoft.DelegatedNetwork 1 0 3 0
Microsoft.DeploymentManager 1 0 3 0
Microsoft.DesktopVirtualization 1 0 3 0
Microsoft.DevAI 0 0 4 0
Microsoft.DevCenter 0 0 4 0
Microsoft.DevHub 0 0 4 0
Microsoft.Devices 1 0 3 0
Microsoft.DeviceUpdate 1 0 3 0
Microsoft.DevOps 1 0 3 0
Microsoft.DevTestLab 1 0 3 0
Microsoft.Diagnostics 2 0 0 0
Microsoft.DigitalTwins 1 0 3 0
Microsoft.DocumentDB 1 0 3 0
Microsoft.DomainRegistration 1 0 3 0
Microsoft.Easm 0 0 4 0
Microsoft.EdgeOrder 0 0 4 0
Microsoft.EdgeZones 0 0 4 0
Microsoft.Elastic 1 0 3 0
Microsoft.ElasticSan 0 0 4 0
Microsoft.EventGrid 1 0 3 0
Microsoft.EventHub 1 0 3 0
Microsoft.ExtendedLocation 1 0 3 0
Microsoft.Falcon 1 0 3 0
Microsoft.Features 4 0 0 0
Microsoft.Fidalgo 0 0 4 0
Microsoft.FluidRelay 0 0 4 0
Microsoft.GuestConfiguration 3 0 1 0
Microsoft.HanaOnAzure 1 0 3 0
Microsoft.HardwareSecurityModules 1 0 3 0
Microsoft.HDInsight 1 0 3 0
Microsoft.HealthBot 1 0 3 0
Microsoft.HealthcareApis 1 0 3 0
Microsoft.HpcWorkbench 0 0 4 0
Microsoft.HybridCompute 1 0 3 0
Microsoft.HybridConnectivity 0 0 4 0
Microsoft.HybridContainerService 0 0 4 0
Microsoft.HybridData 1 0 3 0
Microsoft.HybridNetwork 1 0 3 0
Microsoft.ImportExport 1 0 3 0
microsoft.insights 3 0 1 0
Microsoft.IntelligentITDigitalTwin 1 0 3 0
Microsoft.IoTCentral 1 0 3 0
Microsoft.IoTFirmwareDefense 0 0 4 0
Microsoft.IoTSecurity 1 0 3 0
Microsoft.KeyVault 1 0 3 0
Microsoft.Kubernetes 1 0 3 0
Microsoft.KubernetesConfiguration 1 0 3 0
Microsoft.Kusto 1 0 3 0
Microsoft.LabServices 1 0 3 0
Microsoft.LoadTestService 0 0 4 0
Microsoft.Logic 3 0 1 0
Microsoft.Logz 1 0 3 0
Microsoft.MachineLearning 1 0 3 0
Microsoft.MachineLearningServices 1 0 3 0
Microsoft.Maintenance 1 0 3 0
Microsoft.ManagedIdentity 3 0 1 0
Microsoft.ManagedNetworkFabric 0 0 4 0
Microsoft.ManagedServices 2 0 2 0
Microsoft.Management 2 0 2 0
Microsoft.Maps 1 0 3 0
Microsoft.Marketplace 2 0 2 0
Microsoft.MarketplaceNotifications 4 0 0 0
Microsoft.MarketplaceOrdering 4 0 0 0
Microsoft.Media 1 0 3 0
Microsoft.Migrate 1 0 3 0
Microsoft.MixedReality 1 0 3 0
Microsoft.MobileNetwork 0 0 4 0
Microsoft.Monitor 0 0 4 0
Microsoft.NetApp 1 0 3 0
Microsoft.Network 4 0 0 0
Microsoft.NetworkAnalytics 0 0 4 0
Microsoft.NetworkCloud 0 0 4 0
Microsoft.NetworkFunction 0 0 4 0
Microsoft.NotificationHubs 1 0 3 0
Microsoft.ObjectStore 1 0 3 0
Microsoft.OffAzure 1 0 3 0
Microsoft.OpenEnergyPlatform 0 0 4 0
Microsoft.OpenLogisticsPlatform 1 0 3 0
Microsoft.OperationalInsights 2 0 2 0
Microsoft.OperationsManagement 2 0 2 0
Microsoft.Orbital 0 0 4 0
Microsoft.Peering 1 0 3 0
Microsoft.Pki 0 0 4 0
Microsoft.PlayFab 0 0 4 0
Microsoft.PolicyInsights 4 0 0 0
Microsoft.Portal 4 0 0 0
Microsoft.PowerBI 1 0 3 0
Microsoft.PowerBIDedicated 1 0 3 0
Microsoft.PowerPlatform 1 0 3 0
Microsoft.ProviderHub 2 0 2 0
Microsoft.Purview 1 0 3 0
Microsoft.Quantum 1 0 3 0
Microsoft.Quota 0 0 4 0
Microsoft.RecommendationsService 1 0 3 0
Microsoft.RecoveryServices 1 0 3 0
Microsoft.RedHatOpenShift 1 0 3 0
Microsoft.Relay 1 0 3 0
Microsoft.ResourceConnector 1 0 3 0
Microsoft.ResourceGraph 4 0 0 0
Microsoft.ResourceHealth 1 0 3 0
Microsoft.Resources 4 0 0 0
Microsoft.SaaS 1 0 3 0
Microsoft.Scom 0 0 4 0
Microsoft.ScVmm 1 0 3 0
Microsoft.Search 1 0 3 0
Microsoft.Security 3 0 1 0
Microsoft.SecurityDetonation 1 0 3 0
Microsoft.SecurityDevOps 0 0 4 0
Microsoft.SecurityInsights 1 0 3 0
Microsoft.SerialConsole 4 0 0 0
Microsoft.ServiceBus 1 0 3 0
Microsoft.ServiceFabric 1 0 3 0
Microsoft.ServiceFabricMesh 1 0 3 0
Microsoft.ServiceLinker 1 0 3 0
Microsoft.ServicesHub 1 0 3 0
Microsoft.SignalRService 1 0 3 0
Microsoft.Singularity 1 0 3 0
Microsoft.SoftwarePlan 1 0 3 0
Microsoft.Solutions 1 0 3 0
Microsoft.Sql 1 0 3 0
Microsoft.SqlVirtualMachine 1 0 3 0
Microsoft.Storage 3 0 1 0
Microsoft.StorageCache 1 0 3 0
Microsoft.StorageMover 0 0 4 0
Microsoft.StoragePool 1 0 3 0
Microsoft.StorageSync 1 0 3 0
Microsoft.StorSimple 1 0 3 0
Microsoft.StreamAnalytics 1 0 3 0
Microsoft.Subscription 1 0 3 0
microsoft.support 4 0 0 0
Microsoft.Synapse 1 0 3 0
microsoft.syntex 0 0 4 0
Microsoft.TestBase 1 0 3 0
Microsoft.TimeSeriesInsights 1 0 3 0
Microsoft.VideoIndexer 0 0 4 0
Microsoft.VirtualMachineImages 1 0 3 0
microsoft.visualstudio 1 0 3 0
Microsoft.VMware 1 0 3 0
Microsoft.VMwareCloudSimple 1 0 3 0
Microsoft.VSOnline 1 0 3 0
Microsoft.Web 4 0 0 0
Microsoft.WindowsESU 1 0 3 0
Microsoft.WindowsIoT 1 0 3 0
Microsoft.WorkloadBuilder 1 0 3 0
Microsoft.WorkloadMonitor 1 0 3 0
Microsoft.Workloads 0 0 4 0
NewRelic.Observability 0 0 4 0
NGINX.NGINXPLUS 0 0 4 0
PaloAltoNetworks.Cloudngfw 0 0 4 0
Qumulo.QaaS 0 0 4 0
Wandisco.Fusion 1 0 3 0
Download CSV semicolon | comma
Subscription SubscriptionId Subscription MG path Provider State
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Dell.Storage NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Dynatrace.Observability NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AAD NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e microsoft.aadiam NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Addons NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ADHybridHealthService Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Advisor Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AgFoodPlatform NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AlertsManagement NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AnalysisServices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AnyBuild NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ApiManagement NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ApiSecurity NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.App NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AppAssessment NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AppComplianceAutomation NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AppConfiguration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AppPlatform NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Attestation NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Authorization Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Automanage NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Automation NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AutonomousDevelopmentPlatform NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AutonomousSystems NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AVS NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureActiveDirectory NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureArcData NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureCIS NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureData NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzurePercept NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureScan NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureSphere NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureSphereGen2 NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureSphereV2 NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureStack NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.AzureStackHCI NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.BackupSolutions NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.BareMetalInfrastructure NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Batch NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Billing Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.BillingBenefits NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Bing NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.BlockchainTokens NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Blueprint NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.BotService NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Cache NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Capacity NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Cascade NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Cdn NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CertificateRegistration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ChangeAnalysis NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Chaos NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ClassicCompute NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ClassicInfrastructureMigrate NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ClassicNetwork NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ClassicStorage NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ClassicSubscription Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CloudTest NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CodeSigning NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Codespaces NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CognitiveServices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Commerce Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Communication NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Compute Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ConfidentialLedger NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Confluent NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ConnectedCache NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e microsoft.connectedopenstack NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ConnectedVehicle NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ConnectedVMwarevSphere NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Consumption Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ContainerInstance NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ContainerRegistry NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ContainerService NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CostManagement Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CostManagementExports NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CustomerLockbox NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.CustomProviders NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.D365CustomerInsights NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Dashboard NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataBox NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataBoxEdge NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Databricks NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataCatalog NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataCollaboration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Datadog NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataFactory NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataLakeAnalytics NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataLakeStore NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataMigration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataProtection NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataReplication NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DataShare NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DBforMariaDB NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DBforMySQL NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DBforPostgreSQL NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DelegatedNetwork NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DeploymentManager NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DesktopVirtualization NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DevAI NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DevCenter NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DevHub NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Devices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DeviceUpdate NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DevOps NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DevTestLab NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Diagnostics Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DigitalTwins NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DocumentDB NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.DomainRegistration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Easm NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.EdgeOrder NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.EdgeZones NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Elastic NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ElasticSan NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.EventGrid NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.EventHub NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ExtendedLocation NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Falcon NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Features Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Fidalgo NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.FluidRelay NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.GuestConfiguration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HanaOnAzure NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HardwareSecurityModules NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HDInsight NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HealthBot NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HealthcareApis NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HpcWorkbench NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HybridCompute NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HybridConnectivity NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HybridContainerService NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HybridData NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.HybridNetwork NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ImportExport NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e microsoft.insights Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.IntelligentITDigitalTwin NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.IoTCentral NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.IoTFirmwareDefense NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.IoTSecurity NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.KeyVault NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Kubernetes NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.KubernetesConfiguration NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Kusto NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.LabServices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.LoadTestService NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Logic NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Logz NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.MachineLearning NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.MachineLearningServices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Maintenance NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ManagedIdentity NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ManagedNetworkFabric NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ManagedServices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Management NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Maps NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Marketplace NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.MarketplaceNotifications Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.MarketplaceOrdering Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Media NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Migrate NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.MixedReality NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.MobileNetwork NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Monitor NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.NetApp NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Network Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.NetworkAnalytics NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.NetworkCloud NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.NetworkFunction NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.NotificationHubs NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ObjectStore NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.OffAzure NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.OpenEnergyPlatform NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.OpenLogisticsPlatform NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.OperationalInsights NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.OperationsManagement NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Orbital NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Peering NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Pki NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.PlayFab NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.PolicyInsights Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Portal Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.PowerBI NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.PowerBIDedicated NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.PowerPlatform NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ProviderHub NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Purview NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Quantum NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Quota NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.RecommendationsService NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.RecoveryServices NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.RedHatOpenShift NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Relay NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ResourceConnector NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ResourceGraph Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ResourceHealth NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Resources Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SaaS NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Scom NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ScVmm NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Search NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Security NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SecurityDetonation NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SecurityDevOps NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SecurityInsights NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SerialConsole Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ServiceBus NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ServiceFabric NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ServiceFabricMesh NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ServiceLinker NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.ServicesHub NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SignalRService NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Singularity NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SoftwarePlan NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Solutions NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Sql NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.SqlVirtualMachine NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Storage Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.StorageCache NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.StorageMover NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.StoragePool NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.StorageSync NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.StorSimple NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.StreamAnalytics NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Subscription NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e microsoft.support Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Synapse NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e microsoft.syntex NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.TestBase NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.TimeSeriesInsights NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.VideoIndexer NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.VirtualMachineImages NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e microsoft.visualstudio NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.VMware NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.VMwareCloudSimple NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.VSOnline NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Web Registered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.WindowsESU NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.WindowsIoT NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.WorkloadBuilder NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.WorkloadMonitor NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Microsoft.Workloads NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e NewRelic.Observability NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e NGINX.NGINXPLUS NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e PaloAltoNetworks.Cloudngfw NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Qumulo.QaaS NotRegistered
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e Wandisco.Fusion NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Dell.Storage NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Dynatrace.Observability NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AAD Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.aadiam Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Addons Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ADHybridHealthService Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Advisor Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AgFoodPlatform Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AlertsManagement Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AnalysisServices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AnyBuild Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ApiManagement Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ApiSecurity NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.App NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppAssessment Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppComplianceAutomation NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppConfiguration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AppPlatform Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Attestation Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Authorization Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Automanage Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Automation Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AutonomousDevelopmentPlatform Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AutonomousSystems Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AVS Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureActiveDirectory Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureArcData Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureCIS Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureData Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzurePercept NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureScan NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureSphere Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureSphereGen2 NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureSphereV2 NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureStack Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.AzureStackHCI Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BackupSolutions NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BareMetalInfrastructure Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Batch Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Billing Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BillingBenefits NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Bing Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BlockchainTokens Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Blueprint Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.BotService Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Cache Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Capacity Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Cascade Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Cdn Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CertificateRegistration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ChangeAnalysis Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Chaos Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicCompute Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicInfrastructureMigrate Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicNetwork Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicStorage Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ClassicSubscription Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CloudTest NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CodeSigning NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Codespaces Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CognitiveServices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Commerce Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Communication Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Compute Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConfidentialLedger Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Confluent Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConnectedCache Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.connectedopenstack NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConnectedVehicle Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ConnectedVMwarevSphere Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Consumption Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ContainerInstance Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ContainerRegistry Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ContainerService Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CostManagement Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CostManagementExports Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CustomerLockbox Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.CustomProviders Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.D365CustomerInsights Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Dashboard NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataBox Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataBoxEdge Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Databricks Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataCatalog Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataCollaboration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Datadog Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataFactory Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataLakeAnalytics Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataLakeStore Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataMigration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataProtection Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataReplication NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DataShare Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DBforMariaDB Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DBforMySQL Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DBforPostgreSQL Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DelegatedNetwork Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DeploymentManager Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DesktopVirtualization Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevAI NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevCenter NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevHub NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Devices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DeviceUpdate Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevOps Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DevTestLab Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Diagnostics Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DigitalTwins Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DocumentDB Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.DomainRegistration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Easm NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EdgeOrder NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EdgeZones NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Elastic Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ElasticSan NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EventGrid Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.EventHub Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ExtendedLocation Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Falcon Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Features Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Fidalgo NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.FluidRelay NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.GuestConfiguration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HanaOnAzure Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HardwareSecurityModules Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HDInsight Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HealthBot Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HealthcareApis Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HpcWorkbench NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridCompute Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridConnectivity NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridContainerService NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridData Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.HybridNetwork Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ImportExport Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.insights Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IntelligentITDigitalTwin Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IoTCentral Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IoTFirmwareDefense NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.IoTSecurity Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.KeyVault Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Kubernetes Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.KubernetesConfiguration Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Kusto Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.LabServices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.LoadTestService NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Logic Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Logz Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MachineLearning Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MachineLearningServices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Maintenance Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ManagedIdentity Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ManagedNetworkFabric NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ManagedServices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Management Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Maps Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Marketplace Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MarketplaceNotifications Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MarketplaceOrdering Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Media Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Migrate Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MixedReality Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.MobileNetwork NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Monitor NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NetApp Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Network Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NetworkAnalytics NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NetworkCloud NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NetworkFunction NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.NotificationHubs Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ObjectStore Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OffAzure Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OpenEnergyPlatform NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OpenLogisticsPlatform Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OperationalInsights Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.OperationsManagement Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Orbital NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Peering Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Pki NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PlayFab NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PolicyInsights Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Portal Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PowerBI Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PowerBIDedicated Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.PowerPlatform Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ProviderHub Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Purview Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Quantum Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Quota NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.RecommendationsService Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.RecoveryServices Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.RedHatOpenShift Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Relay Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ResourceConnector Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ResourceGraph Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ResourceHealth Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Resources Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SaaS Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Scom NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ScVmm Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Search Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Security Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SecurityDetonation Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SecurityDevOps NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SecurityInsights Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SerialConsole Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceBus Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceFabric Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceFabricMesh Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServiceLinker Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.ServicesHub Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SignalRService Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Singularity Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SoftwarePlan Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Solutions Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Sql Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.SqlVirtualMachine Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Storage Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorageCache Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorageMover NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StoragePool Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorageSync Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StorSimple Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.StreamAnalytics Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Subscription Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.support Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Synapse Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.syntex NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.TestBase Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.TimeSeriesInsights Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VideoIndexer NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VirtualMachineImages Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f microsoft.visualstudio Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VMware Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VMwareCloudSimple Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.VSOnline Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Web Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WindowsESU Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WindowsIoT Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WorkloadBuilder Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.WorkloadMonitor Registered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Microsoft.Workloads NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f NewRelic.Observability NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f NGINX.NGINXPLUS NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f PaloAltoNetworks.Cloudngfw NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Qumulo.QaaS NotRegistered
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Wandisco.Fusion Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Dell.Storage NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Dynatrace.Observability NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AAD NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 microsoft.aadiam NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Addons NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ADHybridHealthService Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Advisor Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AgFoodPlatform NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AlertsManagement NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AnalysisServices NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AnyBuild NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ApiManagement NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ApiSecurity NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.App NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AppAssessment Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AppComplianceAutomation NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AppConfiguration Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AppPlatform Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Attestation NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Authorization Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Automanage NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Automation NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AutonomousDevelopmentPlatform NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AutonomousSystems NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AVS NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureActiveDirectory NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureArcData NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureCIS NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureData NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzurePercept NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureScan NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureSphere NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureSphereGen2 NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureSphereV2 NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureStack NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.AzureStackHCI NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.BackupSolutions NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.BareMetalInfrastructure NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Batch NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Billing Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.BillingBenefits NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Bing NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.BlockchainTokens NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Blueprint NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.BotService NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Cache NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Capacity NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Cascade NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Cdn NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CertificateRegistration NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ChangeAnalysis NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Chaos NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ClassicCompute NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ClassicInfrastructureMigrate NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ClassicNetwork NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ClassicStorage NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ClassicSubscription Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CloudTest NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CodeSigning NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Codespaces NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CognitiveServices NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Commerce Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Communication NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Compute NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ConfidentialLedger NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Confluent NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ConnectedCache NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 microsoft.connectedopenstack NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ConnectedVehicle NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ConnectedVMwarevSphere NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Consumption Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ContainerInstance Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ContainerRegistry Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ContainerService Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CostManagement Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CostManagementExports NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CustomerLockbox NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.CustomProviders Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.D365CustomerInsights NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Dashboard NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataBox NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataBoxEdge NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Databricks NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataCatalog NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataCollaboration NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Datadog NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataFactory NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataLakeAnalytics NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataLakeStore NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataMigration NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataProtection NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataReplication NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DataShare NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DBforMariaDB NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DBforMySQL NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DBforPostgreSQL NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DelegatedNetwork NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DeploymentManager NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DesktopVirtualization NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DevAI NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DevCenter NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DevHub NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Devices NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DeviceUpdate NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DevOps NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DevTestLab NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DigitalTwins NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DocumentDB NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.DomainRegistration NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Easm NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.EdgeOrder NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.EdgeZones NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Elastic NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ElasticSan NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.EventGrid NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.EventHub NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ExtendedLocation NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Falcon NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Features Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Fidalgo NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.FluidRelay NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.GuestConfiguration Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HanaOnAzure NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HardwareSecurityModules NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HDInsight NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HealthBot NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HealthcareApis NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HpcWorkbench NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HybridCompute NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HybridConnectivity NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HybridContainerService NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HybridData NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.HybridNetwork NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ImportExport NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 microsoft.insights NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.IntelligentITDigitalTwin NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.IoTCentral NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.IoTFirmwareDefense NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.IoTSecurity NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.KeyVault NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Kubernetes NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.KubernetesConfiguration NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Kusto NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.LabServices NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.LoadTestService NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Logic Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Logz NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.MachineLearning NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.MachineLearningServices NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Maintenance NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ManagedIdentity Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ManagedNetworkFabric NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ManagedServices Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Management NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Maps NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Marketplace Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.MarketplaceNotifications Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.MarketplaceOrdering Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Media NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Migrate NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.MixedReality NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.MobileNetwork NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Monitor NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.NetApp NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Network Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.NetworkAnalytics NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.NetworkCloud NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.NetworkFunction NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.NotificationHubs NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ObjectStore NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.OffAzure NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.OpenEnergyPlatform NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.OpenLogisticsPlatform NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.OperationalInsights NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.OperationsManagement NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Orbital NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Peering NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Pki NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.PlayFab NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.PolicyInsights Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Portal Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.PowerBI NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.PowerBIDedicated NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.PowerPlatform NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ProviderHub Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Purview NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Quantum NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Quota NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.RecommendationsService NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.RecoveryServices NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.RedHatOpenShift NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Relay NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ResourceConnector NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ResourceGraph Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ResourceHealth NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Resources Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SaaS NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Scom NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ScVmm NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Search NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Security Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SecurityDetonation NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SecurityDevOps NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SecurityInsights NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SerialConsole Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ServiceBus NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ServiceFabric NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ServiceFabricMesh NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ServiceLinker NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.ServicesHub NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SignalRService NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Singularity NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SoftwarePlan NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Solutions NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Sql NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.SqlVirtualMachine NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Storage NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.StorageCache NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.StorageMover NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.StoragePool NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.StorageSync NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.StorSimple NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.StreamAnalytics NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Subscription NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 microsoft.support Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Synapse NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 microsoft.syntex NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.TestBase NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.TimeSeriesInsights NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.VideoIndexer NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.VirtualMachineImages NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 microsoft.visualstudio NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.VMware NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.VMwareCloudSimple NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.VSOnline NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Web Registered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.WindowsESU NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.WindowsIoT NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.WorkloadBuilder NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.WorkloadMonitor NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Microsoft.Workloads NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 NewRelic.Observability NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 NGINX.NGINXPLUS NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 PaloAltoNetworks.Cloudngfw NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Qumulo.QaaS NotRegistered
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Wandisco.Fusion NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Dell.Storage NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Dynatrace.Observability NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AAD NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.aadiam NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Addons NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ADHybridHealthService Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Advisor Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AgFoodPlatform NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AlertsManagement NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AnalysisServices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AnyBuild NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ApiManagement NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ApiSecurity NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.App NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppAssessment NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppComplianceAutomation NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppConfiguration NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AppPlatform NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Attestation NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Authorization Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Automanage NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Automation Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AutonomousDevelopmentPlatform NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AutonomousSystems NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AVS NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureActiveDirectory NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureArcData NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureCIS NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureData NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzurePercept NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureScan NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureSphere NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureSphereGen2 NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureSphereV2 NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureStack NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.AzureStackHCI NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BackupSolutions NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BareMetalInfrastructure NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Batch NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Billing Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BillingBenefits NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Bing NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BlockchainTokens NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Blueprint NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.BotService NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Cache NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Capacity NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Cascade NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Cdn NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CertificateRegistration NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ChangeAnalysis NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Chaos NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicCompute NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicInfrastructureMigrate NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicNetwork NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicStorage NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ClassicSubscription Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CloudTest NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CodeSigning NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Codespaces NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CognitiveServices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Commerce Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Communication NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Compute NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConfidentialLedger NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Confluent NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConnectedCache NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.connectedopenstack NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConnectedVehicle NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ConnectedVMwarevSphere NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Consumption Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ContainerInstance NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ContainerRegistry NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ContainerService NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CostManagement Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CostManagementExports NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CustomerLockbox NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.CustomProviders NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.D365CustomerInsights NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Dashboard NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataBox NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataBoxEdge NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Databricks NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataCatalog NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataCollaboration NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Datadog NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataFactory NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataLakeAnalytics NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataLakeStore NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataMigration NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataProtection NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataReplication NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DataShare NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DBforMariaDB NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DBforMySQL NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DBforPostgreSQL NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DelegatedNetwork NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DeploymentManager NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DesktopVirtualization NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevAI NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevCenter NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevHub NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Devices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DeviceUpdate NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevOps NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DevTestLab NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DigitalTwins NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DocumentDB NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.DomainRegistration NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Easm NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EdgeOrder NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EdgeZones NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Elastic NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ElasticSan NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EventGrid NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.EventHub NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ExtendedLocation NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Falcon NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Features Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Fidalgo NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.FluidRelay NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.GuestConfiguration Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HanaOnAzure NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HardwareSecurityModules NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HDInsight NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HealthBot NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HealthcareApis NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HpcWorkbench NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridCompute NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridConnectivity NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridContainerService NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridData NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.HybridNetwork NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ImportExport NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.insights Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IntelligentITDigitalTwin NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IoTCentral NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IoTFirmwareDefense NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.IoTSecurity NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.KeyVault NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Kubernetes NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.KubernetesConfiguration NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Kusto NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.LabServices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.LoadTestService NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Logic Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Logz NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MachineLearning NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MachineLearningServices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Maintenance NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ManagedIdentity Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ManagedNetworkFabric NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ManagedServices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Management Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Maps NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Marketplace NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MarketplaceNotifications Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MarketplaceOrdering Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Media NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Migrate NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MixedReality NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.MobileNetwork NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Monitor NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NetApp NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Network Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NetworkAnalytics NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NetworkCloud NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NetworkFunction NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.NotificationHubs NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ObjectStore NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OffAzure NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OpenEnergyPlatform NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OpenLogisticsPlatform NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OperationalInsights Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.OperationsManagement Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Orbital NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Peering NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Pki NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PlayFab NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PolicyInsights Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Portal Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PowerBI NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PowerBIDedicated NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.PowerPlatform NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ProviderHub NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Purview NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Quantum NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Quota NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.RecommendationsService NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.RecoveryServices NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.RedHatOpenShift NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Relay NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ResourceConnector NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ResourceGraph Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ResourceHealth NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Resources Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SaaS NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Scom NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ScVmm NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Search NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Security Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SecurityDetonation NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SecurityDevOps NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SecurityInsights NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SerialConsole Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceBus NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceFabric NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceFabricMesh NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServiceLinker NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.ServicesHub NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SignalRService NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Singularity NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SoftwarePlan NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Solutions NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Sql NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.SqlVirtualMachine NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Storage Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorageCache NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorageMover NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StoragePool NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorageSync NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StorSimple NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.StreamAnalytics NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Subscription NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.support Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Synapse NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.syntex NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.TestBase NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.TimeSeriesInsights NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VideoIndexer NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VirtualMachineImages NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 microsoft.visualstudio NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VMware NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VMwareCloudSimple NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.VSOnline NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Web Registered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WindowsESU NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WindowsIoT NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WorkloadBuilder NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.WorkloadMonitor NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Workloads NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 NewRelic.Observability NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 NGINX.NGINXPLUS NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 PaloAltoNetworks.Cloudngfw NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Qumulo.QaaS NotRegistered
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Wandisco.Fusion NotRegistered
Set up preview features in Azure subscription docs
Download CSV semicolon | comma
Feature Subscriptions
Microsoft.Network/AllowPrivateEndpointNSG 1
Considerations before applying locks docs
Lock scope Lock type presence
SubscriptionCannotDelete0 of 4 Subscriptions
SubscriptionReadOnly0 of 4 Subscriptions
ResourceGroupCannotDelete1 of 4 Subscriptions (total: 1)
ResourceGroupReadOnly0 of 4 Subscriptions (total: 0)
ResourceCannotDelete0 of 4 Subscriptions (total: 0)
ResourceReadOnly0 of 4 Subscriptions (total: 0)
Register Resource Provider 'Microsoft.Security' docs
Microsoft Defender for Cloud's enhanced security features docs
Download CSV semicolon | comma
Subscription Name Subscription Id Subscription QuotaId Subscription MG path reason
payg1 20217969-e578-4e91-beea-9bcf18b05a7e PayAsYouGo_2014-09-01 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e SubscriptionNotRegistered
Using deprecated plan 'Container registries' docs
Using deprecated plan 'Kubernetes' docs
Microsoft Defender for Cloud's enhanced security features docs
Download CSV semicolon | comma
Plan/Tier Subscription Count
AppServices, Free 2
AppServices, Standard 1
Arm, Free 2
Arm, Standard 1
CloudPosture, Free 3
ContainerRegistry, Free 2
ContainerRegistry, Standard 1
Containers, Free 3
CosmosDbs, Free 3
Dns, Free 2
Dns, Standard 1
KeyVaults, Free 2
KeyVaults, Standard 1
KubernetesService, Free 2
KubernetesService, Standard 1
OpenSourceRelationalDatabases, Free 3
SqlServers, Free 2
SqlServers, Standard 1
SqlServerVirtualMachines, Free 3
StorageAccounts, Free 2
StorageAccounts, Standard 1
VirtualMachines, Free 2
VirtualMachines, Standard 1
Using deprecated plan 'Container registries' docs
Using deprecated plan 'Kubernetes' docs
Microsoft Defender for Cloud's enhanced security features docs
Download CSV semicolon | comma
Subscription SubscriptionId Subscription MG path AppServices Arm CloudPosture ContainerRegistry Containers CosmosDbs Dns KeyVaults KubernetesService OpenSourceRelationalDatabases SqlServers SqlServerVirtualMachines StorageAccounts VirtualMachines
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f Free Free Free Free Free Free Free Free Free Free Free Free Free Free
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 Free Free Free Free Free Free Free Free Free Free Free Free Free Free
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 Standard Standard Free Standard Free Free Standard Standard Standard Free Standard Free Standard Standard
Managed identity 'user-assigned' vs 'system-assigned' docs
Download CSV semicolon | comma
MI Name MI MgPath MI Subscription Name MI Subscription Id MI ResourceGroup MI ResourceId MI AAD SP objectId MI AAD SP applicationId MI count Res assignments Res Name Res Type Res MgPath Res Subscription Name Res Subscription Id Res ResourceGroup Res Id Res count assigned MIs
mi4439 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 mi /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/mi/providers/microsoft.managedidentity/userassignedidentities/mi4439 4b8bce68-e5f3-47d9-9420-66187e697c64 208163d8-f6f1-4726-b777-bd97d6efe6ec 1 logic-prj0765 Microsoft.Logic/workflows 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f rg-logic /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourceGroups/rg-logic/providers/Microsoft.Logic/workflows/logic-prj0765 1
miCentral001 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 rg-id /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/rg-id/providers/Microsoft.ManagedIdentity/userAssignedIdentities/miCentral001 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 9059759b-7400-477d-9798-380d10e5cc96 2 ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Automation/automationAccounts 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 ESJH-mgmt /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourceGroups/ESJH-mgmt/providers/Microsoft.Automation/automationAccounts/ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466 1
micentral001 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 rg-id /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/rg-id/providers/microsoft.managedidentity/userassignedidentities/micentral001 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 9059759b-7400-477d-9798-380d10e5cc96 2 logic-centralServices001 Microsoft.Logic/workflows 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 rg-logic /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourceGroups/rg-logic/providers/Microsoft.Logic/workflows/logic-centralServices001 1
Learn about PSRule for Azure
Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Monitoring Important Automation accounts should collect platform diagnostic logs Consider configuring diagnostic settings to capture platform logs from Automation accounts. Fail
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Automation/automationAccounts 1 1 Security Data protection Important Encrypt automation variables Consider encrypting all automation account variables. Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Awareness Use short lived web hooks An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Important Use managed identity for authentication Consider configure a managed identity for each Automation Account. Pass
Microsoft.Automation/automationAccounts 1 1 Security Monitor Important Audit Automation Account data access Consider configuring diagnostic settings to log access for Automation Account data. Fail
Microsoft.Automation/automationAccounts/runbooks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Key names Consider using key names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault names Consider using names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Secret names Consider using secret names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Purge Protection Consider enabling purge protection on Key Vaults to enforce retention of vaults and vault items for up to 90 days. Fail
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Soft Delete Consider enabling soft delete on Key Vaults to enable recovery of vaults and vault items. Fail
Microsoft.KeyVault/vaults 1 1 Security Identity and access management Important Limit access to Key Vault data Consider assigning access to Key Vault data based on the principle of least privilege. Pass
Microsoft.KeyVault/vaults 1 1 Security Key and secret management Important Enable Key Vault key auto-rotation Consider enabling auto-rotation on Key Vault keys. Pass
Microsoft.KeyVault/vaults 1 1 Security Security operations Important Audit Key Vault data access Consider configuring diagnostic settings to log access for Key Vault data. Also consider, storing the access data into Azure Monitor and using Key Vault Analytics. Fail
Microsoft.Logic/workflows 3 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 4 3 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 3 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 12 4 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 12 4 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 8 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 4 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 12 4 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 12 4 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 10 4 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 10 4 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 2 2 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 2 2 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 2 2 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.OperationalInsights/workspaces 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.OperationsManagement/solutions 10 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Storage/storageAccounts 3 2 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 3 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 2 2 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 2 2 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 2 2 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 3 2 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/serverFarms 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/serverFarms 1 1 Performance Efficiency Capacity planning Important Use App Service production SKU Consider using a standard or premium plan for hosting apps on Azure App Service. Fail
Microsoft.Web/serverFarms 1 1 Reliability Resiliency and dependencies Important Use two or more App Service Plan instances Consider using an App Service Plan with at least two (2) instances. Fail
Microsoft.Web/sites 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Disable Application Request Routing Azure App Service sites make use of Application Request Routing (ARR) by default. Consider disabling ARR affinity for stateless applications. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Use HTTP/2 connections for App Service apps Consider using HTTP/2 for Azure Services apps to improve protocol efficiency. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Important Use App Service Always On Consider enabling Always On for each App Services app. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use a dedicated health probe path Consider using a dedicated health probe endpoint that implements functional checks. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use health probes Consider configuring a health probe to monitor instance availability. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Enforce encrypted App Service connections When access using unencrypted HTTP connection is not required consider enabling HTTPS Only. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Web apps disable insecure FTP Consider disabling insecure FTP and configure SFTP only when required. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer .NET version Consider updating the site to use a newer .NET version such as v6.0. Pass
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer PHP runtime version Consider updating the site to use a newer PHP runtime version such as 7.4. Pass
Microsoft.Web/sites 1 1 Security Encryption Critical App Service minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Identity and access management Important App Service apps uses a managed identity Consider configuring a managed identity for each App Service app. Also consider using managed identities to authenticate to related Azure services. Fail
Microsoft.Web/sites 1 1 Security Security configuration Important Disable App Service remote debugging Consider disabling remote debugging when not in use. Pass
Check this article by Elli Shlomo (MVP) Azure Blob Container Threats & Attacks
If you enabled the parameters StorageAccountAccessAnalysisSubscriptionTags or StorageAccountAccessAnalysisStorageAccountTags these are integrated in the CSV output *_StorageAccountAccessAnalysis.csv
Download CSV semicolon | comma
StorageAccount kind skuName skuTier location allowBlobPublicAccess publicNetworkAccess subscriptionMGPath resourceGroup networkAclsdefaultAction staticWebsitesState staticWebsitesResponse containersCanBeListed containersCount containersAnonymousContainerCount containersAnonymousBlobCount ipRulesCount ipRulesIPAddressList virtualNetworkRulesCount resourceAccessRulesCount resourceAccessRules bypass supportsHttpsTrafficOnly minimumTlsVersion allowSharedKeyAccess requireInfrastructureEncryption
csb100320003c7ef7f5 StorageV2 Standard_LRS Standard westeurope False likely enabled 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f cloud-shell-storage-westeurope Allow False n/a True 0 0 0 0 0 0 AzureServices True TLS1_2 likely True likely False
sa6749 StorageV2 Standard_LRS Standard northeurope True likely enabled 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f ProjectB Allow False n/a True 3 1 1 0 0 0 AzureServices True TLS1_2 True likely False
sa6750 StorageV2 Standard_LRS Standard westeurope True Enabled 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f sa Allow True True True 1 0 0 0 0 0 AzureServices False TLS1_2 True False
satestjh20220924 StorageV2 Standard_LRS Standard eastus False Enabled 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 sa Allow False n/a True 1 0 0 0 0 0 AzureServices True TLS1_2 False False

Management Groups

Management Group Diagnostic Settings - Create Or Update - REST API docs
Download CSV semicolon | comma
Management Group Name Management Group Id Diagnostic setting Inheritance Inherited from Target TargetId Administrative Policy
ESJH-platform ESJH-platform mgDiag_ESJH-platform False none LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true
ESJH-management ESJH-management mgDiag_ESJH-platform True ESJH-platform LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true
Management Group Diagnostic Settings - Create Or Update - REST API docs
Download CSV semicolon | comma
Management Group Name Management Group Id Management Group path
Tenant Root Group 896470ca-9c6e-4176-9b38-5a655403c638 896470ca-9c6e-4176-9b38-5a655403c638
ESJH ESJH 896470ca-9c6e-4176-9b38-5a655403c638/ESJH
ESJH-decommissioned ESJH-decommissioned 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-decommissioned
ESJH-landingzones ESJH-landingzones 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones
ESJH-online ESJH-online 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online
ESJH-sandboxes ESJH-sandboxes 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes
CUST_T5 atz CUST_T5 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes/CUST_T5
ESJHDEV ESJHDEV 896470ca-9c6e-4176-9b38-5a655403c638/ESJHDEV
ESJHQA ESJHQA 896470ca-9c6e-4176-9b38-5a655403c638/ESJHQA
test01 test01 896470ca-9c6e-4176-9b38-5a655403c638/test01
test01-APAC test01-APAC_ID 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-APAC_ID
test01-EMEA test01-EMEA_ID 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID

Subscriptions

Create diagnostic setting docs
Download CSV semicolon | comma
Subscription SubscriptionId Path Diagnostic setting Target TargetId Administrative Alert Autoscale Policy Recommendation ResourceHealth Security ServiceHealth
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true
management f28ba982-5ed0-4033-9bdf-e45e4b5df466 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true
payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 SendToGovernanceLAW LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true false false false false false true
payg1 20217969-e578-4e91-beea-9bcf18b05a7e 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true

All Subscriptions are configured for Diagnostic settings docs

Resources

Create Custom Policies for Azure ResourceTypes that support Diagnostics Logs and Metrics Create-AzDiagPolicy
Supported categories for Azure Resource Logs docs
Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus, AuditEvent
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.keyvault/vaults 1 True True True AuditEvent, AzurePolicyEvaluationDetails
microsoft.logic/workflows 3 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 4 False False False
microsoft.network/networksecuritygroups 12 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 2 False False False
microsoft.network/routetables 10 False False False
microsoft.network/virtualnetworks 2 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 3 True True False
microsoft.web/serverfarms 1 True True False
microsoft.web/sites 1 True True True AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs
Create Custom Policies for Azure ResourceTypes that support Diagnostics Logs and Metrics Create-AzDiagPolicy
Supported categories for Azure Resource Logs docs
Priority Recommendation ResourceType Resource Count Diagnostics capable (logs) Policy Id Policy DisplayName Role definitions Target Log Categories not covered by Policy Policy assignments Policy used in PolicySet PolicySet assignments
1-High no recommendation as this resourceType seems not existing Microsoft.PowerBIDedicated/capacities 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
1-High no recommendation as this resourceType seems not existing Microsoft.Relay/namespaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay Deploy Diagnostic Settings for Relay to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
1-High no recommendation as this resourceType seems not existing Microsoft.Search/searchServices 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices Deploy Diagnostic Settings for Search Services to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
2-Medium Create diagnostics policy for this ResourceType. To verify GA check docs microsoft.operationalinsights/workspaces 0 yes n/a n/a n/a n/a n/a n/a n/a n/a
4-Low no recommendation Microsoft.Logic/workflows 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation Microsoft.Network/networkSecurityGroups 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation Microsoft.Network/virtualNetworks 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation Microsoft.Web/sites 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website Deploy Diagnostic Settings for App Service to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA all OK 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.AnalysisServices/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ApiManagement/service 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt Deploy Diagnostic Settings for API Management to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Batch/batchAccounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch Deploy Diagnostic Settings for Batch to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Cdn/profiles/endpoints 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.CognitiveServices/accounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ContainerRegistry/registries 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr Deploy Diagnostic Settings for Container Registry to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ContainerService/managedClusters 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Databricks/workspaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks Deploy Diagnostic Settings for Databricks to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DataFactory/factories 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory Deploy Diagnostic Settings for Data Factory to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DataLakeAnalytics/accounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DataLakeStore/accounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DBforMariaDB/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb Deploy Diagnostic Settings for MariaDB to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DBforMySQL/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DBforPostgreSQL/servers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Devices/IotHubs 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.DocumentDB/databaseAccounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.EventGrid/systemTopics 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.EventGrid/topics 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.EventHub/namespaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Logic/integrationAccounts 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.MachineLearningServices/workspaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/applicationGateways 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/azureFirewalls 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall Deploy Diagnostic Settings for Firewall to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/expressRouteCircuits 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/frontDoors 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor Deploy Diagnostic Settings for Front Door to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/loadBalancers 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/publicIPAddresses 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/trafficManagerProfiles 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Network/virtualNetworkGateways 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.RecoveryServices/vaults 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.ServiceBus/namespaces 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.SignalRService/SignalR 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr Deploy Diagnostic Settings for SignalR to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Sql/managedInstances 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.Sql/servers/databases 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.StreamAnalytics/streamingjobs 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low no recommendation as this resourceType seems not existing Microsoft.TimeSeriesInsights/environments 0 unknown /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA n/a 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low review the policy and add the missing categories as required Microsoft.Automation/automationAccounts 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa Deploy Diagnostic Settings for Automation to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA AuditEvent 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low review the policy and add the missing categories as required Microsoft.KeyVault/vaults 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault Deploy Diagnostic Settings for Key Vault to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA AzurePolicyEvaluationDetails 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]
4-Low review the policy and add the missing categories as required Microsoft.Web/sites 0 yes /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace Monitoring Contributor (749f88d5-cbae-40b8-bcfc-e573ddc772fa), Log Analytics Contributor (92aaf0da-9dab-42b6-94a3-d43ce8d16293) LA AppServiceAppLogs, AppServiceAuditLogs, AppServiceConsoleLogs, AppServiceHTTPLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs 0 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics (Deploy Diagnostic Settings to Azure Services)] 1 [/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy-Resource-Diag)]

Tenant

PolicySet definitions: 7/2500 docs

Custom Role definitions: 11/5000 docs

Management Groups

0 Management Groups approaching Limit (200) for PolicyAssignment docs

0 Management Groups approaching Limit (500) for Policy Scope docs

0 Management Groups approaching Limit (200) for PolicySet Scope docs

0 Management Groups approaching Limit (500) for RoleAssignment docs

Subscriptions

Azure Subscription Resource Group Limit docs
Download CSV semicolon | comma
Subscription SubscriptionId Limit
landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f 81.43 % (798/980)

0 Subscriptions approaching Limit (50) for Tags docs

0 Subscriptions approaching Limit (200) for PolicyAssignment docs

0 Subscriptions approaching Limit (500) for Policy Scope docs

0 Subscriptions approaching Limit (200) for PolicySet Scope docs

0 Subscriptions approaching Limit (4000) for RoleAssignment docs

Check out AzADServicePrincipalInsights GitHub
Demystifying Service Principals - Managed Identities devBlogs
John Savill - Azure AD App Registrations, Enterprise Apps and Service Principals YouTube

No ServicePrincipals where the API returned 'Request_ResourceNotFound'

No Applications where the API returned 'Request_ResourceNotFound'

Download CSV semicolon | comma
ApplicationId DisplayName SP ObjectId Type Usage Usage info Policy assignment details Role assignments Assigned to resources Orphaned
c3c446da-7d49-4c82-9c9b-43c6bbef436b 1b5ac3236f0246ef83a14435 04b9b3f5-86a7-48cf-85fd-cce9468568db System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/test01/providers/Microsoft.Authorization/policyAssignments/1b5ac3236f0246ef83a14435 Custom Policy: 1234_AP_MG_RA_onSub (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c) 1 (1234 RoleAssignmentSubscriptionOwner; 1ee892e0-67a1-4b4c-b171-8c3a371692a9 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be)) false
addfa80f-9a88-4563-a159-3c299bb4c7d8 Deploy-VM-Monitoring 065dde0b-5eab-4fce-80ee-ec956e94c498 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Monitoring BuiltIn PolicySet: Legacy - Enable Azure Monitor for VMs (55f3eceb-5573-4f18-9695-226972c6d74a) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374)) false
e5a4a18c-0b5d-4a56-ae8c-eeb85eb91c57 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f 06683a54-86ee-4248-9c50-4b3c47b855be System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/policyAssignments/1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f Custom PolicySet: 1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust)) 1 (Owner (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8)) false
59fea0c9-4279-46f2-b2ad-1103e264e964 Deploy-AzActivity-Log 1691aa06-da2e-43f0-98f9-af12494603a9 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-AzActivity-Log Custom Policy: Deploy Diagnostic Settings for Activity Log to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e)) false
2d307d2c-2661-474f-9155-20d244fd924d 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 266be8b1-7aa5-466c-b0d0-8010d97473c4 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/policyAssignments/1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 Custom PolicySet: 1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust)) 1 (Owner (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9)) false
7b43e7f6-bcb5-4836-8d1f-b624b2714be0 Deploy-Log-Analytics 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-management/providers/Microsoft.Authorization/policyAssignments/Deploy-Log-Analytics Custom Policy: Deploy the Log Analytics in the subscription (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics) 1 (Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a)) false
17e0b01b-14eb-4016-bf8e-171b5b044b95 Enforce-SQL-Encryption 34520a11-7b14-46a8-ac34-7d766959460a System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-SQL-Encryption BuiltIn Policy: Deploy SQL DB transparent data encryption (86a912f6-9a06-4e26-b447-11b16ba8659f) 1 (Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f)) false
804dac8b-0c02-47b7-be8f-f75829f17b35 a2d9426ccece4000b889c72f 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/test01/providers/Microsoft.Authorization/policyAssignments/a2d9426ccece4000b889c72f Custom Policy: 1234_AP_MG_RA_onSub (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c) 1 (1234 RoleAssignmentSubscriptionOwner; 1ee892e0-67a1-4b4c-b171-8c3a371692a9 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054)) false
ce3f983c-2e58-4222-bf9d-fcf1cd6b04c0 abe0212187e243e89ce5a623 41d30710-9d12-4361-ad69-ad313b2c427c System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/test01/providers/Microsoft.Authorization/policyAssignments/abe0212187e243e89ce5a623 Custom Policy: My_AP_MG_raOnSub (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a) 1 (1234 RoleAssignmentSubscriptionOwner; 1ee892e0-67a1-4b4c-b171-8c3a371692a9 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3)) false
208163d8-f6f1-4726-b777-bd97d6efe6ec mi4439 4b8bce68-e5f3-47d9-9420-66187e697c64 User assigned Microsoft.ManagedIdentity/userAssignedIdentities isExplicit=True, /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/mi/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mi4439 n/a 1 (Reader (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/76c168f5-9ca6-4e1f-bc44-f7cf435a9e12)) 1
6e1d3051-0ad2-4920-b525-a653ba20c5f6 Deploy-ASC-Security 4cb4c797-237b-4e64-b2cf-66f841700442 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-ASC-Security Custom Policy: Deploy Azure Defender settings in Azure Security Center. (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf)) false
873c2c67-e210-496e-86aa-f53d8b4f1844 Deploy-SQL-DB-Auditing 4f3a2551-ea2f-43c6-9623-8950156d19b7 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Deploy-SQL-DB-Auditing BuiltIn Policy: Auditing on SQL server should be enabled (a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9) 1 (Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6)) false
9059759b-7400-477d-9798-380d10e5cc96 miCentral001 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 User assigned Microsoft.ManagedIdentity/userAssignedIdentities isExplicit=True, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/rg-id/providers/Microsoft.ManagedIdentity/userAssignedIdentities/miCentral001 n/a 1 (Reader (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04)) 2
b859744d-7ffd-414d-a91c-36cead7602a3 e184b6792089442786621cfe 71f8ba53-97da-4880-8d02-8b22176c9317 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/Microsoft.Authorization/policyAssignments/e184b6792089442786621cfe Custom Policy: DiagSubscriptionsDim (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157) 2 (Log Analytics Contributor (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b), Log Analytics Contributor (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/8a2c62a5-a882-4427-af78-6c7af11325fa)) false
4ada7048-e9d2-457b-a0d0-ab7ec7fcb267 enforce0 79d69f2f-2fbe-409e-84c3-3e510c18fd16 System assigned Microsoft.Authorization/policyassignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyassignments/enforce0 Custom Policy: Enforce Role assignment at Subscription Scope (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815)) false
fe6518ee-eabc-4b96-9128-1553fa797d3f 5f9ec45db52f479e940fc150 84a55248-e141-4ea6-b6ad-23791f5e8980 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/test01/providers/Microsoft.Authorization/policyAssignments/5f9ec45db52f479e940fc150 Custom Policy: 1234_AP_MG_RA_onSub (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c) 1 (1234 RoleAssignmentSubscriptionOwner; 1ee892e0-67a1-4b4c-b171-8c3a371692a9 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a)) false
afbb1efc-63bd-46fa-8d7e-976ec0d75862 Deploy-LX-Arc-Monitoring 9ed01b2b-9311-41a8-8897-0a329047be49 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-LX-Arc-Monitoring BuiltIn Policy: Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below (9d2b61b4-1d14-4a63-be30-d4498e7ad2cf) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf)) false
cab048f7-a6c2-46d7-a04a-fed3abf27f75 Deploy-VMSS-Monitoring a3a4908f-b068-455e-a3f5-38cc5e00448f System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-VMSS-Monitoring BuiltIn PolicySet: Legacy - Enable Azure Monitor for Virtual Machine Scale Sets (75714362-cae7-409e-9b99-a8e5075b7fad) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870)) false
1e94c5fb-a02b-4a89-a2f0-51299f787f8b Deploy-WS-Arc-Monitoring b0bdcb08-09c9-4d9d-957e-963d255e7220 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-WS-Arc-Monitoring BuiltIn Policy: Configure Log Analytics extension on Azure Arc enabled Windows servers (69af7d4a-7b18-4044-93a9-2651498ef203) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed)) false
a8c80730-4404-4f4f-b37b-43a4b2e3f611 mi5640 c269faa6-e208-4ff7-a74b-0bd6902f2f50 User assigned Microsoft.ManagedIdentity/userAssignedIdentities isExplicit=True, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/ManagedIdentities/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mi5640 n/a 1 (Reader (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/51d44b26-f5d2-4c7e-ae24-ef25fc53613b))
e51a68e4-11b9-4062-b384-3a8e70a20825 Deploy-VM-Backup e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Deploy-VM-Backup BuiltIn Policy: Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy (98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86) 1 (Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5)) false
717c2b3f-1fb7-4a5f-acc8-fc60ea27f2be Deploy-Resource-Diag e51576ad-748d-462b-9d70-cb3b03e6c2e6 System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH/providers/Microsoft.Authorization/policyAssignments/Deploy-Resource-Diag Custom PolicySet: Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics) 1 (Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc)) false
cfec2d1c-98a6-45a3-80c5-8235afebb521 mi5639 f84fb916-e925-41d8-afdc-7bfa1a32d65a User assigned Microsoft.ManagedIdentity/userAssignedIdentities isExplicit=True, /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/ManagedIdentities/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mi5639 n/a 1 (Reader (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/0e7d83a8-0588-4ef3-8acd-4cddecf0076c))
cf80e92b-ae4e-4539-98c9-b7c6fe22b23d Deploy-AKS-Policy fb0a7498-393f-434d-aa93-2acd144f489f System assigned Microsoft.Authorization/policyAssignments isExplicit=False, /providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policyAssignments/Deploy-AKS-Policy BuiltIn Policy: Deploy Azure Policy Add-on to Azure Kubernetes Service clusters (a8eff44f-8c92-45c3-a3fb-9880802d67a7) 1 (Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345)) false
Download CSV semicolon | comma
ApplicationId DisplayName Notes SP ObjectId App ObjectId Secrets Secrets expired Secrets expiry
<14d		 Secrets expiry
>14d & <2y		 Secrets expiry
>2y		 Certs Certs expired Certs expiry
<14d		 Certs expiry
>14d & <2y		 Certs expiry
>2y
2b213162-e349-461a-bc29-aefa7da6cb32 AzOps c295384a-33d9-475e-abaf-d2fb0274299a 3dd669f2-a512-4bb1-b52c-bc8a438e067b 3 3 0 0 0 0 0 0 0 0
29ce84ce-46a7-4c44-9be0-8a280150bf48 PolicyPipelineNonProd 192e9bab-be5b-4f6f-9e89-a4c80e638e43 5d3fc4d2-4be4-4014-beb0-c048ccf88ef1 1 1 0 0 0 0 0 0 0 0
2a19e27b-a532-4179-a66f-fdc38181e78c PolicyPipelineDev 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4 8d18b45b-359d-4fe2-8d1c-10c585744a44 1 1 0 0 0 0 0 0 0 0
6356bd83-eb98-468d-80f3-83aaba46dac7 1234_DevOpsSP 506ae68a-a1f7-42f7-9285-c54ef56a3006 bc2dbbd9-f99e-450b-adb9-245f7f324223 0 0 0 0 0 0 0 0 0 0
45e04e83-291b-40f0-af6f-423c51337cce AzGovVizSPARK 527c7ca6-7a74-4b5d-bde2-7465ebb9915a b8997c96-efbf-49da-93c3-fccd44834d15 0 0 0 0 0 0 0 0 0 0
90ae32a4-bee9-4133-9657-9de8b215dc9e AzAdServicePrincipalInsights 59acc082-8e28-485e-8897-d2a17e03ed50 b6ae28a0-6011-4cc7-a555-d7c5b2fc39e8 7 3 0 4 0 0 0 0 0 0
2dbb0aa9-94f5-4e48-a9e5-d7534984c29e azgovvizADO 8a2f188e-5b60-45f1-b0c6-12cd0e59576e 13171803-9d36-49f3-8bc2-01146c40800f 3 0 0 3 0 0 0 0 0 0
1b4f8447-d818-44a3-8005-f93fbbd7a357 PolicyPipeline 90003bac-487c-4351-ad41-ed1f9e0446c1 521ec062-8dbc-49a9-a23a-ad6c2dd0a33a 1 1 0 0 0 0 0 0 0 0
b92a0a2f-8536-4134-b0fb-60ee0528d1b0 azgovvizwwcsecurity e261446e-77d2-4cf5-a32a-0fbef8ee1333 2d29aa1b-04bf-4770-922c-354724b38562 1 1 0 0 0 0 0 0 0 0
6d868d46-86ca-42db-8225-91730ce1870a AzGovVizAzDO efc7b786-0bc9-4d41-aacd-6a54d16f7229 35edaf62-3adb-4afb-bedb-8ff5997d3608 1 0 0 1 0 0 0 0 0 0
dfbef92f-9097-4272-95ae-eed835438fb1 azgvzGH f20c11bb-119b-4914-abaa-99df52ef4f09 73f930c6-89c3-4ccd-b644-6a00c47a2d08 2 1 0 1 0 0 0 0 0 0
Download CSV semicolon | comma
ApplicationId DisplayName SP ObjectId OrganizationId Role assignments
f77c2a8f-8a0a-4776-8e0a-bcb2549610ca RPSaaS Meta RP 91c60235-9208-499d-9887-416059ab970f f8cdef31-a31e-4b4a-93e4-5f571e91255a 1
01fc33a7-78ba-4d2f-a4b7-768e336e890e MS-PIM f70514be-80e6-46e8-b985-ce72f5ee8e09 f8cdef31-a31e-4b4a-93e4-5f571e91255a 1
Customize your Azure environment optimizations (Cost, Reliability & more) with Azure Optimization Engine (AOE)
Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Security/pricings Advanced Threat Protection 1 0.01 EUR 1
Usage Microsoft.Storage/storageAccounts Storage 1 0.59 EUR 1
Download CSV semicolon | comma
Scope Scope Id Policy DisplayName PolicyId Category Effect Role definitions Unique assignments Used in PolicySets Created/Updated CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg cust_t5 SQL managed instances deploy a specific min TLS version requirement. /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls SQL Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Owner 0 0 Created 09/09/2022 15:11:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg cust_t5 Public network access should be disabled for MariaDB /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb SQL Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0 Created 09/09/2022 15:09:45 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh-online ALZFake /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policydefinitions/7a2ec127-9921-445e-a3bb-91f7099f545d cust_fakeALZ_Locations Fixed: audit n/a 0 0 Created 09/08/2022 18:16:26 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg esjh-platform cust2_Deploy a default budget on all subscriptions under the assigned scope /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/policydefinitions/4a132703-b3fd-4228-aaaa-f46ebc34a324 Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Contributor 0 0 Created 08/31/2022 18:02:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Sub 4dfa3b56-55bf-4059-802a-24e44a4fb60f cust_Deploy a default budget on all subscriptions under the assigned scope /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/1c5e347d-1d8f-4854-9d88-918455c3c983 ALZClone Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Contributor 0 0 Created 08/31/2022 13:35:26 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
Scope ScopeId PolicySet DisplayName PolicySetId Category Unique assignments Policies used in PolicySet Created/Updated CreatedOn CreatedBy UpdatedOn UpdatedBy
Mg CUST_T5 Deny or Audit resources without Encryption with a customer-managed key (CMK) /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk Encryption 0 15 (Azure API for FHIR should use a customer-managed key to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/051cba44-2429-45b9-9649-46cec11c7119), Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (/providers/microsoft.authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d), [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd), PostgreSQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274), Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f), Container registries should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580), Cognitive Services accounts should enable data encryption with a customer-managed key (/providers/microsoft.authorization/policydefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d), Storage accounts should use customer-managed key for encryption (/providers/microsoft.authorization/policydefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25), Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys (/providers/microsoft.authorization/policydefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67), MySQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833), Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password (/providers/microsoft.authorization/policydefinitions/86efb160-8de7-451d-bc08-5d475b0aadae), Azure Stream Analytics jobs should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7), Azure Batch account should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a), Azure Machine Learning workspaces should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8), Azure Synapse workspaces should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385)) Created 09/09/2022 15:15:00 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

0 Created/Updated Policy assignments

0 Created/Updated custom Role definitions

Download CSV semicolon | comma
Scope Role Role Id Role Type Data Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details PIM PIM assignment type PIM start PIM end Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
Res Storage Blob Data Reader 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 Builtin true Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/projectb/providers/microsoft.storage/storageaccounts/sa6749/providers/microsoft.authorization/roleassignments/a04a9b5a-9262-4b83-921b-b68d7f7b56a8 none 09/24/2022 13:14:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Mg Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct False /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct False /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/893d3984-7785-44dc-bcba-89a0baa2d38a none 09/15/2022 07:17:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
Download CSV semicolon | comma
ResourceType Resource Count Created&Changed Created&Changed Subs Created Created Subs Changed Changed Subs
microsoft.automation/automationaccounts 1 0 0 0 0 1 1
microsoft.storage/storageaccounts 2 1 1 1 1 2 2

Policy 0 Naming findings

Download CSV semicolon | comma
Id Name Name Invalid chars DisplayName DisplayName Invalid chars
/providers/Microsoft.Management/managementGroups/ESJH-landingzones/providers/Microsoft.Authorization/policySetDefinitions/1234_API_MG_RoleAssignment_onRGMatching_(1234_RG_CUST*) 1234_API_MG_RoleAssignment_onRGMatching_(1234_RG_CUST*) *
Download CSV semicolon | comma
Id Name Name Invalid chars DisplayName DisplayName Invalid chars
/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/Microsoft.Authorization/policyAssignments/DataProtectionSecurityCenter ASC DataProtection (subscription: a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) :

Management Group 0 Naming findings

Subscription 0 Naming findings

RBAC 0 Naming Findings

DefinitionInsights

DefinitionInsights has been saved to dedicated HTML file 'wiki/AzGovViz_896470ca-9c6e-4176-9b38-5a655403c638_DefinitionInsights.html' (parameter -NoDefinitionInsightsDedicatedHTML = False)
Open DefinitionInsights

ScopeInsights

Highlight Management Group in HierarchyMap

Management Group Name: Tenant Root Group

Management Group Id: 896470ca-9c6e-4176-9b38-5a655403c638

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638

13 ManagementGroups below this scope

4 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: 28.57 Video , Blog , docs

No Management Group Diagnostic settings docs

   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Security/pricings Advanced Threat Protection 1 0.01 EUR 1
Usage Microsoft.Storage/storageAccounts Storage 1 0.59 EUR 1
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.keyvault/vaults westeurope 1
microsoft.logic/workflows northcentralus 1
microsoft.logic/workflows northeurope 1
microsoft.logic/workflows westeurope 1
microsoft.managedidentity/userassignedidentities northeurope 2
microsoft.managedidentity/userassignedidentities westeurope 2
microsoft.network/networksecuritygroups eastus 3
microsoft.network/networksecuritygroups northeurope 2
microsoft.network/networksecuritygroups southafricanorth 1
microsoft.network/networksecuritygroups westeurope 6
microsoft.network/networkwatchers northeurope 1
microsoft.network/networkwatchers westeurope 1
microsoft.network/routetables northcentralus 5
microsoft.network/routetables northeurope 1
microsoft.network/routetables southafricanorth 1
microsoft.network/routetables westeurope 3
microsoft.network/virtualnetworks northeurope 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts eastus 1
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
microsoft.web/serverfarms westeurope 1
microsoft.web/sites westeurope 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus, AuditEvent
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.keyvault/vaults 1 True True True AuditEvent, AzurePolicyEvaluationDetails
microsoft.logic/workflows 3 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 4 False False False
microsoft.network/networksecuritygroups 12 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 2 False False False
microsoft.network/routetables 10 False False False
microsoft.network/virtualnetworks 2 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 3 True True False
microsoft.web/serverfarms 1 True True False
microsoft.web/sites 1 True True True AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Monitoring Important Automation accounts should collect platform diagnostic logs Consider configuring diagnostic settings to capture platform logs from Automation accounts. Fail
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Automation/automationAccounts 1 1 Security Data protection Important Encrypt automation variables Consider encrypting all automation account variables. Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Awareness Use short lived web hooks An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Important Use managed identity for authentication Consider configure a managed identity for each Automation Account. Pass
Microsoft.Automation/automationAccounts 1 1 Security Monitor Important Audit Automation Account data access Consider configuring diagnostic settings to log access for Automation Account data. Fail
Microsoft.Automation/automationAccounts/runbooks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Key names Consider using key names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault names Consider using names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Secret names Consider using secret names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Purge Protection Consider enabling purge protection on Key Vaults to enforce retention of vaults and vault items for up to 90 days. Fail
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Soft Delete Consider enabling soft delete on Key Vaults to enable recovery of vaults and vault items. Fail
Microsoft.KeyVault/vaults 1 1 Security Identity and access management Important Limit access to Key Vault data Consider assigning access to Key Vault data based on the principle of least privilege. Pass
Microsoft.KeyVault/vaults 1 1 Security Key and secret management Important Enable Key Vault key auto-rotation Consider enabling auto-rotation on Key Vault keys. Pass
Microsoft.KeyVault/vaults 1 1 Security Security operations Important Audit Key Vault data access Consider configuring diagnostic settings to log access for Key Vault data. Also consider, storing the access data into Azure Monitor and using Key Vault Analytics. Fail
Microsoft.Logic/workflows 3 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 4 3 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 3 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 12 4 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 12 4 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 8 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 4 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 12 4 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 12 4 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 10 4 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 10 4 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 2 2 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 2 2 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 2 2 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.OperationalInsights/workspaces 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.OperationsManagement/solutions 10 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Storage/storageAccounts 3 2 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 3 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 2 2 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 2 2 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 2 2 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 3 2 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/serverFarms 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/serverFarms 1 1 Performance Efficiency Capacity planning Important Use App Service production SKU Consider using a standard or premium plan for hosting apps on Azure App Service. Fail
Microsoft.Web/serverFarms 1 1 Reliability Resiliency and dependencies Important Use two or more App Service Plan instances Consider using an App Service Plan with at least two (2) instances. Fail
Microsoft.Web/sites 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Disable Application Request Routing Azure App Service sites make use of Application Request Routing (ARR) by default. Consider disabling ARR affinity for stateless applications. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Use HTTP/2 connections for App Service apps Consider using HTTP/2 for Azure Services apps to improve protocol efficiency. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Important Use App Service Always On Consider enabling Always On for each App Services app. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use a dedicated health probe path Consider using a dedicated health probe endpoint that implements functional checks. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use health probes Consider configuring a health probe to monitor instance availability. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Enforce encrypted App Service connections When access using unencrypted HTTP connection is not required consider enabling HTTPS Only. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Web apps disable insecure FTP Consider disabling insecure FTP and configure SFTP only when required. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer .NET version Consider updating the site to use a newer .NET version such as v6.0. Pass
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer PHP runtime version Consider updating the site to use a newer PHP runtime version such as 7.4. Pass
Microsoft.Web/sites 1 1 Security Encryption Critical App Service minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Identity and access management Important App Service apps uses a managed identity Consider configuring a managed identity for each App Service app. Also consider using managed identities to authenticate to related Azure services. Fail
Microsoft.Web/sites 1 1 Security Security configuration Important Disable App Service remote debugging Consider disabling remote debugging when not in use. Pass

0 Policy assignments

0 PolicySet assignments

Policy Assignment Limit: 0/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c false Fixed: deployIfNotExists 1234 RoleAssignmentSubscriptionOwner 3 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150, /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f) 0
Deny the creation of private DNS - cust /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb Network-custom true Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/d1212de8a8fd4184a8965eea) 1 (API - Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f))
DiagSubscriptionsDim /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157 false Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Log Analytics Contributor 1 (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe) 0
My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a RBAC false Fixed: deployIfNotExists 1234 RoleAssignmentSubscriptionOwner 1 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623) 0
myPipelinePolicy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Cache false Default: Audit; Allowed: Audit,Deny n/a 1 (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01) 0
New Pipeline Policy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 2 Cache false Default: Audit; Allowed: Audit,Deny n/a 0 0
test_Deploy Diagnostic Settings for Subscription to Storage Account /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/e1927c7a-e9e7-4657-9996-aff37b6560ed test_diag false Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Storage Account Contributor, Monitoring Contributor 0 0

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: ESJH

Management Group Id: ESJH

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH

7 ManagementGroups below this scope

3 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Storage/storageAccounts Storage 1 0.59 EUR 1
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.keyvault/vaults westeurope 1
microsoft.logic/workflows northcentralus 1
microsoft.logic/workflows northeurope 1
microsoft.managedidentity/userassignedidentities northeurope 2
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups eastus 3
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups westeurope 3
microsoft.network/networkwatchers northeurope 1
microsoft.network/networkwatchers westeurope 1
microsoft.network/routetables northcentralus 5
microsoft.network/routetables northeurope 1
microsoft.network/routetables southafricanorth 1
microsoft.network/routetables westeurope 2
microsoft.network/virtualnetworks northeurope 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts eastus 1
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
microsoft.web/serverfarms westeurope 1
microsoft.web/sites westeurope 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus, AuditEvent
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.keyvault/vaults 1 True True True AuditEvent, AzurePolicyEvaluationDetails
microsoft.logic/workflows 2 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 3 False False False
microsoft.network/networksecuritygroups 7 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 2 False False False
microsoft.network/routetables 9 False False False
microsoft.network/virtualnetworks 2 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 3 True True False
microsoft.web/serverfarms 1 True True False
microsoft.web/sites 1 True True True AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Monitoring Important Automation accounts should collect platform diagnostic logs Consider configuring diagnostic settings to capture platform logs from Automation accounts. Fail
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Automation/automationAccounts 1 1 Security Data protection Important Encrypt automation variables Consider encrypting all automation account variables. Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Awareness Use short lived web hooks An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Important Use managed identity for authentication Consider configure a managed identity for each Automation Account. Pass
Microsoft.Automation/automationAccounts 1 1 Security Monitor Important Audit Automation Account data access Consider configuring diagnostic settings to log access for Automation Account data. Fail
Microsoft.Automation/automationAccounts/runbooks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Key names Consider using key names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault names Consider using names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Secret names Consider using secret names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Purge Protection Consider enabling purge protection on Key Vaults to enforce retention of vaults and vault items for up to 90 days. Fail
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Soft Delete Consider enabling soft delete on Key Vaults to enable recovery of vaults and vault items. Fail
Microsoft.KeyVault/vaults 1 1 Security Identity and access management Important Limit access to Key Vault data Consider assigning access to Key Vault data based on the principle of least privilege. Pass
Microsoft.KeyVault/vaults 1 1 Security Key and secret management Important Enable Key Vault key auto-rotation Consider enabling auto-rotation on Key Vault keys. Pass
Microsoft.KeyVault/vaults 1 1 Security Security operations Important Audit Key Vault data access Consider configuring diagnostic settings to log access for Key Vault data. Also consider, storing the access data into Azure Monitor and using Key Vault Analytics. Fail
Microsoft.Logic/workflows 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 3 2 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 7 3 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 7 3 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 4 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 3 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 7 3 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 7 3 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 9 3 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 9 3 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 2 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 2 2 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 2 2 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 2 2 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.OperationalInsights/workspaces 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.OperationsManagement/solutions 10 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Storage/storageAccounts 3 2 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 3 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 2 2 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 2 2 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 2 2 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 3 2 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 3 2 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/serverFarms 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/serverFarms 1 1 Performance Efficiency Capacity planning Important Use App Service production SKU Consider using a standard or premium plan for hosting apps on Azure App Service. Fail
Microsoft.Web/serverFarms 1 1 Reliability Resiliency and dependencies Important Use two or more App Service Plan instances Consider using an App Service Plan with at least two (2) instances. Fail
Microsoft.Web/sites 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Disable Application Request Routing Azure App Service sites make use of Application Request Routing (ARR) by default. Consider disabling ARR affinity for stateless applications. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Use HTTP/2 connections for App Service apps Consider using HTTP/2 for Azure Services apps to improve protocol efficiency. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Important Use App Service Always On Consider enabling Always On for each App Services app. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use a dedicated health probe path Consider using a dedicated health probe endpoint that implements functional checks. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use health probes Consider configuring a health probe to monitor instance availability. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Enforce encrypted App Service connections When access using unencrypted HTTP connection is not required consider enabling HTTPS Only. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Web apps disable insecure FTP Consider disabling insecure FTP and configure SFTP only when required. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer .NET version Consider updating the site to use a newer .NET version such as v6.0. Pass
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer PHP runtime version Consider updating the site to use a newer PHP runtime version such as 7.4. Pass
Microsoft.Web/sites 1 1 Security Encryption Critical App Service minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Identity and access management Important App Service apps uses a managed identity Consider configuring a managed identity for each App Service app. Also consider using managed identities to authenticate to related Azure services. Fail
Microsoft.Web/sites 1 1 Security Security configuration Important Disable App Service remote debugging Consider disabling remote debugging when not in use. Pass
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 3 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 3 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 3 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 45 9 26 2 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 3 4 3 12 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
thisScope Mg false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 9/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
1234_AP_MG_RA_onRG_(1234_RG_CUST) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust) 1234_RgRoleAssignment false Fixed: deployIfNotExists Owner 0 2 (1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust)), 1234_API_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust)))
Application Gateway should be deployed with WAF enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-appgw-without-waf Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0
Deny the creation of private DNS /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 1 (API - Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f))
Deny the creation of public IP /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicip Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0
Deny vNet peering /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-erpeering Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0
Deploy a default budget on subscriptions /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-budget Budget true Fixed: DeployIfNotExists Contributor 0 0
Deploy an Azure DDoS Protection Standard plan /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-ddosprotection Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0
Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Security Center true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Security Admin 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security) 0
Deploy Azure Firewall Manager policy in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-firewallpolicy Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0
Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log) 0
Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for API Management to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for App Service to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Automation to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Batch to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Container Instances to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Container Registry to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Data Factory to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Databricks to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Firewall to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Front Door to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for HDInsight to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Key Vault to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for MariaDB to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Relay to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Search Services to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for SignalR to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 1 (Deploy Diagnostic Settings to Azure Services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics))
Deploy DNS Zone Group for Key Vault Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-keyvault-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0
Deploy DNS Zone Group for SQL Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-sql-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0
Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-table-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0
Deploy DNS Zone Group for Storage-File Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-file-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0
Deploy DNS Zone Group for Storage-Queue Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-queue-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0
Deploy DNS Zone Group for Storage-Blob Private Endpoint /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-dnszonegroup-for-blob-privateendpoint Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Private DNS Zone Contributor 0 0
Deploy spoke network with configuration to hub network based on ipam configuration object /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0
Deploy SQL database auditing settings /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security))
Deploy SQL Database security Alert Policies configuration with email admin accounts /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security))
Deploy SQL Database Transparent Data Encryption /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security))
Deploy SQL Database vulnerability Assessments /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled SQL Security Manager, Monitoring Contributor 0 1 (Deploy SQL Database built-in SQL security configuration (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security))
Deploy the configurations to the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-la-config Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 0
Deploy the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 1 (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics) 0
Deploy the Virtual WAN in the specific region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vwan Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0
Deploy Virtual Hub network with Virtual Wan and Gateway and Firewall configured. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vhub Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0
Deploy Virtual Network to be used as hub virtual network in desired region /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-hub Network true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Network Contributor 0 0
Deploy Windows Domain Join Extension with keyvault configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-windows-domainjoin Guest Configuration true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Virtual Machine Contributor 0 0
Deploys NSG flow logs and traffic analytics /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-nsg-flowlogs Monitoring true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Monitoring Contributor, Log Analytics Contributor 0 0
Deploys virtual network peering to hub /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-vnet-hubspoke Network true Fixed: deployIfNotExists Contributor 0 0
Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope false Fixed: deployIfNotExists Owner 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0) 0
KeyVault SoftDelete should be enabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/append-kv-softdelete Key Vault true Fixed: append n/a 0 0
No child resources in Automation Account /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-aa-child-resources true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0
Public network access on AKS API should be disabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks Kubernetes true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access on Azure SQL Database should be disabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access onStorage accounts should be disabled /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage Storage true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access should be disabled for CosmosDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access should be disabled for KeyVault /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault Key Vault true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access should be disabled for MariaDB /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access should be disabled for MySQL /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
Public network access should be disabled for PostgreSql /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 2 (Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*)), Public network access should be disabled for PAAS services (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints))
RDP access from the Internet should be blocked /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet) 0
Subnets should have a Network Security Group /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Network true Default: Deny; Allowed: Audit,Deny,Disabled n/a 1 (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg) 0
   Download CSV semicolon | comma
PolicySet DisplayName PolicySetId Category ALZ Unique assignments Policies Used
1234_API_MG_RA_onRG_(1234_RG_CUST) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) 1234_RgRoleAssignment false 2 (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466) 2 (1234_AP_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust)), 1234_AP_MG_RA_onRG_(1234_RG_CUST) (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/1234_ap_mg_ra_onrg_(1234_rg_cust)))
Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Monitoring true 1 (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag) 55 (Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice), Deploy Diagnostic Settings for API Management to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt), Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm), Deploy Diagnostic Settings for App Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website), Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway), Deploy Diagnostic Settings for Automation to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa), Deploy Diagnostic Settings for Azure Data Lake Store to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datalakestore), Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function), Deploy Diagnostic Settings for Batch to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-batch), Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints), Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices), Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci), Deploy Diagnostic Settings for Container Registry to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr), Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb), Deploy Diagnostic Settings for Data Factory to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory), Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics), Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql), Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql), Deploy Diagnostic Settings for Databricks to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks), Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub), Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic), Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic), Deploy Diagnostic Settings for Event Hubs to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventhub), Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute), Deploy Diagnostic Settings for Firewall to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall), Deploy Diagnostic Settings for Front Door to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor), Deploy Diagnostic Settings for HDInsight to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight), Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub), Deploy Diagnostic Settings for Key Vault to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-keyvault), Deploy Diagnostic Settings for Kubernetes Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aks), Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer), Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise), Deploy Diagnostic Settings for Logic Apps Workflow runtime to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappswf), Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace), Deploy Diagnostic Settings for MariaDB to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb), Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic), Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups), Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded), Deploy Diagnostic Settings for Public IP addresses to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-publicip), Deploy Diagnostic Settings for Recovery Services vaults to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-recoveryvault), Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache), Deploy Diagnostic Settings for Relay to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay), Deploy Diagnostic Settings for Search Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-searchservices), Deploy Diagnostic Settings for Service Bus namespaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-servicebus), Deploy Diagnostic Settings for SignalR to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr), Deploy Diagnostic Settings for SQL Databases to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqldbs), Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools), Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi), Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-streamanalytics), Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights), Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager), Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss), Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm), Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork), Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw))
Deploy SQL Database built-in SQL security configuration /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-sql-security SQL true 0 4 (Deploy SQL database auditing settings (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-auditingsettings), Deploy SQL Database security Alert Policies configuration with email admin accounts (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-securityalertpolicies), Deploy SQL Database Transparent Data Encryption (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-tde), Deploy SQL Database vulnerability Assessments (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-sql-vulnerabilityassessments))
Public network access should be disabled for PAAS services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deny-publicendpoints Network false 0 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql))

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: ESJH-decommissioned

Management Group Id: ESJH-decommissioned

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-decommissioned

0 ManagementGroups below this scope

0 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

0 ResourceTypes (all Subscriptions below this scope)

0 ResourceTypes (1st party) Diagnostics capable (all Subscriptions below this scope)

No PSRule for Azure results

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 0 0 0 0 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 0/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false False Jesse James Jesse.James@AzGovViz.onmicrosoft.com 6f71f3b7-98e1-4821-8116-13b41476ef84 User Member direct /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/9bdf3098-8e69-4e98-bd8c-22b991783b10 none 06/16/2021 09:52:59 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-decommissioned/providers/microsoft.authorization/roleassignments/81bb9ace-a96d-47ab-b9a2-8952e655aa0c none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: ESJH-landingzones

Management Group Id: ESJH-landingzones

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones

1 ManagementGroups below this scope

2 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Storage/storageAccounts Storage 1 0.59 EUR 1
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.keyvault/vaults westeurope 1
microsoft.logic/workflows northeurope 1
microsoft.managedidentity/userassignedidentities northeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups eastus 3
microsoft.network/networksecuritygroups westeurope 2
microsoft.network/networkwatchers northeurope 1
microsoft.network/routetables northcentralus 2
microsoft.network/routetables northeurope 1
microsoft.network/routetables westeurope 2
microsoft.network/virtualnetworks northeurope 1
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
microsoft.web/serverfarms westeurope 1
microsoft.web/sites westeurope 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.keyvault/vaults 1 True True True AuditEvent, AzurePolicyEvaluationDetails
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 2 False False False
microsoft.network/networksecuritygroups 5 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/routetables 5 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.storage/storageaccounts 2 True True False
microsoft.web/serverfarms 1 True True False
microsoft.web/sites 1 True True True AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Key names Consider using key names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault names Consider using names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Secret names Consider using secret names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Purge Protection Consider enabling purge protection on Key Vaults to enforce retention of vaults and vault items for up to 90 days. Fail
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Soft Delete Consider enabling soft delete on Key Vaults to enable recovery of vaults and vault items. Fail
Microsoft.KeyVault/vaults 1 1 Security Identity and access management Important Limit access to Key Vault data Consider assigning access to Key Vault data based on the principle of least privilege. Pass
Microsoft.KeyVault/vaults 1 1 Security Key and secret management Important Enable Key Vault key auto-rotation Consider enabling auto-rotation on Key Vault keys. Pass
Microsoft.KeyVault/vaults 1 1 Security Security operations Important Audit Key Vault data access Consider configuring diagnostic settings to log access for Key Vault data. Also consider, storing the access data into Azure Monitor and using Key Vault Analytics. Fail
Microsoft.Logic/workflows 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 2 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 5 2 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 5 2 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 3 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 5 2 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 5 2 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 5 2 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 5 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 1 1 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.Storage/storageAccounts 2 1 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 2 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 1 1 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 2 1 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 2 1 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 2 1 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 2 1 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/serverFarms 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/serverFarms 1 1 Performance Efficiency Capacity planning Important Use App Service production SKU Consider using a standard or premium plan for hosting apps on Azure App Service. Fail
Microsoft.Web/serverFarms 1 1 Reliability Resiliency and dependencies Important Use two or more App Service Plan instances Consider using an App Service Plan with at least two (2) instances. Fail
Microsoft.Web/sites 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Disable Application Request Routing Azure App Service sites make use of Application Request Routing (ARR) by default. Consider disabling ARR affinity for stateless applications. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Use HTTP/2 connections for App Service apps Consider using HTTP/2 for Azure Services apps to improve protocol efficiency. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Important Use App Service Always On Consider enabling Always On for each App Services app. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use a dedicated health probe path Consider using a dedicated health probe endpoint that implements functional checks. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use health probes Consider configuring a health probe to monitor instance availability. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Enforce encrypted App Service connections When access using unencrypted HTTP connection is not required consider enabling HTTPS Only. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Web apps disable insecure FTP Consider disabling insecure FTP and configure SFTP only when required. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer .NET version Consider updating the site to use a newer .NET version such as v6.0. Pass
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer PHP runtime version Consider updating the site to use a newer PHP runtime version such as 7.4. Pass
Microsoft.Web/sites 1 1 Security Encryption Critical App Service minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Identity and access management Important App Service apps uses a managed identity Consider configuring a managed identity for each App Service app. Also consider using managed identities to authenticate to related Azure services. Fail
Microsoft.Web/sites 1 1 Security Security configuration Important Disable App Service remote debugging Consider disabling remote debugging when not in use. Pass
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false false Network interfaces should disable IP forwarding /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Kubernetes clusters should not allow container privilege escalation /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Kubernetes cluster should not allow privileged containers /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false RDP access from the Internet should be blocked /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Secure transfer to storage accounts should be enabled /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Subnets should have a Network Security Group /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Custom Network true Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Auditing on SQL server should be enabled /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Kubernetes clusters should be accessible only over HTTPS /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Mg false false Deploy SQL DB transparent data encryption /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 2 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 45 9 17 1 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 2 4 2 8 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 11/200

0 Custom Policy definitions scoped

   Download CSV semicolon | comma
PolicySet DisplayName PolicySetId Category ALZ Unique assignments Policies Used
Public network access should be disabled for PAAS services /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_roleassignment_onrgmatching_(1234_rg_cust*) false 0 8 (Public network access on AKS API should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-aks), Public network access on Azure SQL Database should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-sql), Public network access onStorage accounts should be disabled (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-storage), Public network access should be disabled for CosmosDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-cosmosdb), Public network access should be disabled for KeyVault (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-keyvault), Public network access should be disabled for MariaDB (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb), Public network access should be disabled for MySQL (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mysql), Public network access should be disabled for PostgreSql (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-postgresql))

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Default Management Group docs

Management Group Name: ESJH-online

Management Group Id: ESJH-online

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online

0 ManagementGroups below this scope

2 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Storage/storageAccounts Storage 1 0.59 EUR 1
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.keyvault/vaults westeurope 1
microsoft.logic/workflows northeurope 1
microsoft.managedidentity/userassignedidentities northeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups eastus 3
microsoft.network/networksecuritygroups westeurope 2
microsoft.network/networkwatchers northeurope 1
microsoft.network/routetables northcentralus 2
microsoft.network/routetables northeurope 1
microsoft.network/routetables westeurope 2
microsoft.network/virtualnetworks northeurope 1
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
microsoft.web/serverfarms westeurope 1
microsoft.web/sites westeurope 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.keyvault/vaults 1 True True True AuditEvent, AzurePolicyEvaluationDetails
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 2 False False False
microsoft.network/networksecuritygroups 5 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/routetables 5 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.storage/storageaccounts 2 True True False
microsoft.web/serverfarms 1 True True False
microsoft.web/sites 1 True True True AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Key names Consider using key names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault names Consider using names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault Secret names Consider using secret names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.KeyVault/vaults 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Purge Protection Consider enabling purge protection on Key Vaults to enforce retention of vaults and vault items for up to 90 days. Fail
Microsoft.KeyVault/vaults 1 1 Reliability Data management Important Use Key Vault Soft Delete Consider enabling soft delete on Key Vaults to enable recovery of vaults and vault items. Fail
Microsoft.KeyVault/vaults 1 1 Security Identity and access management Important Limit access to Key Vault data Consider assigning access to Key Vault data based on the principle of least privilege. Pass
Microsoft.KeyVault/vaults 1 1 Security Key and secret management Important Enable Key Vault key auto-rotation Consider enabling auto-rotation on Key Vault keys. Pass
Microsoft.KeyVault/vaults 1 1 Security Security operations Important Audit Key Vault data access Consider configuring diagnostic settings to log access for Key Vault data. Also consider, storing the access data into Azure Monitor and using Key Vault Analytics. Fail
Microsoft.Logic/workflows 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 2 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 5 2 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 5 2 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 3 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 5 2 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 5 2 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 5 2 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 5 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 1 1 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.Storage/storageAccounts 2 1 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 2 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 1 1 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 2 1 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 2 1 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 2 1 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 2 1 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/serverFarms 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/serverFarms 1 1 Performance Efficiency Capacity planning Important Use App Service production SKU Consider using a standard or premium plan for hosting apps on Azure App Service. Fail
Microsoft.Web/serverFarms 1 1 Reliability Resiliency and dependencies Important Use two or more App Service Plan instances Consider using an App Service Plan with at least two (2) instances. Fail
Microsoft.Web/sites 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Disable Application Request Routing Azure App Service sites make use of Application Request Routing (ARR) by default. Consider disabling ARR affinity for stateless applications. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Awareness Use HTTP/2 connections for App Service apps Consider using HTTP/2 for Azure Services apps to improve protocol efficiency. Fail
Microsoft.Web/sites 1 1 Performance Efficiency Application design Important Use App Service Always On Consider enabling Always On for each App Services app. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use a dedicated health probe path Consider using a dedicated health probe endpoint that implements functional checks. Fail
Microsoft.Web/sites 1 1 Reliability Load balancing and failover Important Web apps use health probes Consider configuring a health probe to monitor instance availability. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Enforce encrypted App Service connections When access using unencrypted HTTP connection is not required consider enabling HTTPS Only. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Data protection Important Web apps disable insecure FTP Consider disabling insecure FTP and configure SFTP only when required. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer .NET version Consider updating the site to use a newer .NET version such as v6.0. Pass
Microsoft.Web/sites 1 1 Security Deployment Important Use a newer PHP runtime version Consider updating the site to use a newer PHP runtime version such as 7.4. Pass
Microsoft.Web/sites 1 1 Security Encryption Critical App Service minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider using Azure Policy to audit or enforce this configuration. Fail
Microsoft.Web/sites 1 1 Security Identity and access management Important App Service apps uses a managed identity Consider configuring a managed identity for each App Service app. Also consider using managed identities to authenticate to related Azure services. Fail
Microsoft.Web/sites 1 1 Security Security configuration Important Disable App Service remote debugging Consider disabling remote debugging when not in use. Pass
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH-landingzones false false Network interfaces should disable IP forwarding /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false RDP access from the Internet should be blocked /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Secure transfer to storage accounts should be enabled /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Subnets should have a Network Security Group /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Custom Network true Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Auditing on SQL server should be enabled /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 2 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 2 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 45 9 17 1 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 2 4 2 8 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 0/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
ALZFake /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policydefinitions/7a2ec127-9921-445e-a3bb-91f7099f545d cust_fakeALZ_Locations true Fixed: audit n/a 0 0
   Download CSV semicolon | comma
PolicySet DisplayName PolicySetId Category ALZ Unique assignments Policies Used
API - Deny the creation of private DNS - cust /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f Network-custom false 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/fab7aac62c1d419d87835c61) 2 (Deny the creation of private DNS - cust (/providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb), Deny the creation of private DNS (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-private-dns-zones))

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 01/10/2021 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

Highlight Subscription in HierarchyMap

Subscription Name: landingZone

Subscription Id: 4dfa3b56-55bf-4059-802a-24e44a4fb60f

Subscription Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f

State: Enabled

QuotaId: PayAsYouGo_2014-09-01

Microsoft Defender for Cloud Secure Score: 5 of 19 points Video , Blog , docs

   Download CSV semicolon | comma
Plan Tier
AppServices Free
Arm Free
CloudPosture Free
ContainerRegistry Free
Containers Free
CosmosDbs Free
Dns Free
KeyVaults Free
KubernetesService Free
OpenSourceRelationalDatabases Free
SqlServers Free
SqlServerVirtualMachines Free
StorageAccounts Free
VirtualMachines Free
   Download CSV semicolon | comma
Diagnostic setting Target Target Id Administrative Alert Autoscale Policy Recommendation ResourceHealth Security ServiceHealth
subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true
   Download CSV semicolon | comma
Tag Name Tag Value
costCenter 4711
existingtag blaaa
TechnicalContact me
testtag testvalue5
testtag2 blub
   Resource naming and tagging decision guide docs
   Download CSV semicolon | comma
Scope TagName Count
Resource costCenter 1
Resource existingtag 2
Resource ms-resource-usage 1
Resource Responsible 2
Resource tagKey1 2
Resource tagKey2 2
Resource testtag 1
Resource testtag2 2
Resource testtagbase 1
ResourceGroup existingtag 1
ResourceGroup Responsible 1
ResourceGroup testtag 1
ResourceGroup testtag2 1
Subscription costCenter 1
Subscription existingtag 1
Subscription TechnicalContact 1
Subscription testtag 1
Subscription testtag2 1
   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency
Usage Microsoft.Storage/storageAccounts Storage 1 0.59 EUR

798 Resource Groups | Limit: (798/980)

   Download CSV semicolon | comma
Provider State
Microsoft.Management Registered
microsoft.insights Registered
Microsoft.Security Registered
Microsoft.PolicyInsights Registered
Microsoft.Network Registered
Microsoft.Storage Registered
Microsoft.ManagedIdentity Registered
Microsoft.AAD Registered
microsoft.aadiam Registered
Microsoft.Addons Registered
Microsoft.Advisor Registered
Microsoft.AgFoodPlatform Registered
Microsoft.AlertsManagement Registered
Microsoft.AnalysisServices Registered
Microsoft.AnyBuild Registered
Microsoft.ApiManagement Registered
Microsoft.AppAssessment Registered
Microsoft.AppConfiguration Registered
Microsoft.AppPlatform Registered
Microsoft.Attestation Registered
Microsoft.Automanage Registered
Microsoft.Automation Registered
Microsoft.AutonomousDevelopmentPlatform Registered
Microsoft.AutonomousSystems Registered
Microsoft.AVS Registered
Microsoft.AzureActiveDirectory Registered
Microsoft.AzureArcData Registered
Microsoft.AzureCIS Registered
Microsoft.AzureData Registered
Microsoft.AzureSphere Registered
Microsoft.AzureStack Registered
Microsoft.AzureStackHCI Registered
Microsoft.BareMetalInfrastructure Registered
Microsoft.Batch Registered
Microsoft.Bing Registered
Microsoft.BlockchainTokens Registered
Microsoft.Blueprint Registered
Microsoft.BotService Registered
Microsoft.Cache Registered
Microsoft.Capacity Registered
Microsoft.Cascade Registered
Microsoft.Cdn Registered
Microsoft.CertificateRegistration Registered
Microsoft.ChangeAnalysis Registered
Microsoft.Chaos Registered
Microsoft.ClassicCompute Registered
Microsoft.ClassicInfrastructureMigrate Registered
Microsoft.ClassicNetwork Registered
Microsoft.ClassicStorage Registered
Microsoft.Codespaces Registered
Microsoft.CognitiveServices Registered
Microsoft.Communication Registered
Microsoft.Compute Registered
Microsoft.ConfidentialLedger Registered
Microsoft.Confluent Registered
Microsoft.ConnectedCache Registered
Microsoft.ConnectedVehicle Registered
Microsoft.ConnectedVMwarevSphere Registered
Microsoft.ContainerInstance Registered
Microsoft.ContainerRegistry Registered
Microsoft.ContainerService Registered
Microsoft.CostManagementExports Registered
Microsoft.CustomerLockbox Registered
Microsoft.CustomProviders Registered
Microsoft.D365CustomerInsights Registered
Microsoft.DataBox Registered
Microsoft.DataBoxEdge Registered
Microsoft.Databricks Registered
Microsoft.DataCatalog Registered
Microsoft.DataCollaboration Registered
Microsoft.Datadog Registered
Microsoft.DataFactory Registered
Microsoft.DataLakeAnalytics Registered
Microsoft.DataLakeStore Registered
Microsoft.DataMigration Registered
Microsoft.DataProtection Registered
Microsoft.DataShare Registered
Microsoft.DBforMariaDB Registered
Microsoft.DBforMySQL Registered
Microsoft.DBforPostgreSQL Registered
Microsoft.DelegatedNetwork Registered
Microsoft.DeploymentManager Registered
Microsoft.DesktopVirtualization Registered
Microsoft.Devices Registered
Microsoft.DeviceUpdate Registered
Microsoft.DevOps Registered
Microsoft.DevTestLab Registered
Microsoft.Diagnostics Registered
Microsoft.DigitalTwins Registered
Microsoft.DocumentDB Registered
Microsoft.DomainRegistration Registered
Microsoft.Elastic Registered
Microsoft.EventGrid Registered
Microsoft.EventHub Registered
Microsoft.ExtendedLocation Registered
Microsoft.Falcon Registered
Microsoft.GuestConfiguration Registered
Microsoft.HanaOnAzure Registered
Microsoft.HardwareSecurityModules Registered
Microsoft.HDInsight Registered
Microsoft.HealthBot Registered
Microsoft.HealthcareApis Registered
Microsoft.HybridCompute Registered
Microsoft.HybridData Registered
Microsoft.HybridNetwork Registered
Microsoft.ImportExport Registered
Microsoft.IntelligentITDigitalTwin Registered
Microsoft.IoTCentral Registered
Microsoft.IoTSecurity Registered
Microsoft.KeyVault Registered
Microsoft.Kubernetes Registered
Microsoft.KubernetesConfiguration Registered
Microsoft.Kusto Registered
Microsoft.LabServices Registered
Microsoft.Logic Registered
Microsoft.Logz Registered
Microsoft.MachineLearning Registered
Microsoft.MachineLearningServices Registered
Microsoft.Maintenance Registered
Microsoft.ManagedServices Registered
Microsoft.Maps Registered
Microsoft.Marketplace Registered
Microsoft.Media Registered
Microsoft.Migrate Registered
Microsoft.MixedReality Registered
Microsoft.NetApp Registered
Microsoft.NotificationHubs Registered
Microsoft.ObjectStore Registered
Microsoft.OffAzure Registered
Microsoft.OpenLogisticsPlatform Registered
Microsoft.OperationalInsights Registered
Microsoft.OperationsManagement Registered
Microsoft.Peering Registered
Microsoft.PowerBI Registered
Microsoft.PowerBIDedicated Registered
Microsoft.PowerPlatform Registered
Microsoft.ProviderHub Registered
Microsoft.Purview Registered
Microsoft.Quantum Registered
Microsoft.RecommendationsService Registered
Microsoft.RecoveryServices Registered
Microsoft.RedHatOpenShift Registered
Microsoft.Relay Registered
Microsoft.ResourceConnector Registered
Microsoft.ResourceHealth Registered
Microsoft.SaaS Registered
Microsoft.ScVmm Registered
Microsoft.Search Registered
Microsoft.SecurityDetonation Registered
Microsoft.SecurityInsights Registered
Microsoft.ServiceBus Registered
Microsoft.ServiceFabric Registered
Microsoft.ServiceFabricMesh Registered
Microsoft.ServiceLinker Registered
Microsoft.ServicesHub Registered
Microsoft.SignalRService Registered
Microsoft.Singularity Registered
Microsoft.SoftwarePlan Registered
Microsoft.Solutions Registered
Microsoft.Sql Registered
Microsoft.SqlVirtualMachine Registered
Microsoft.StorageCache Registered
Microsoft.StoragePool Registered
Microsoft.StorageSync Registered
Microsoft.StorSimple Registered
Microsoft.StreamAnalytics Registered
Microsoft.Subscription Registered
Microsoft.Synapse Registered
Microsoft.TestBase Registered
Microsoft.TimeSeriesInsights Registered
Microsoft.VirtualMachineImages Registered
microsoft.visualstudio Registered
Microsoft.VMware Registered
Microsoft.VMwareCloudSimple Registered
Microsoft.VSOnline Registered
Microsoft.Web Registered
Microsoft.WindowsESU Registered
Microsoft.WindowsIoT Registered
Microsoft.WorkloadBuilder Registered
Microsoft.WorkloadMonitor Registered
Wandisco.Fusion Registered
Microsoft.MarketplaceNotifications Registered
Dell.Storage NotRegistered
Dynatrace.Observability NotRegistered
Microsoft.ADHybridHealthService Registered
Microsoft.ApiSecurity NotRegistered
Microsoft.App NotRegistered
Microsoft.AppComplianceAutomation NotRegistered
Microsoft.Authorization Registered
Microsoft.AzurePercept NotRegistered
Microsoft.AzureScan NotRegistered
Microsoft.AzureSphereGen2 NotRegistered
Microsoft.AzureSphereV2 NotRegistered
Microsoft.BackupSolutions NotRegistered
Microsoft.Billing Registered
Microsoft.BillingBenefits NotRegistered
Microsoft.ClassicSubscription Registered
Microsoft.CloudTest NotRegistered
Microsoft.CodeSigning NotRegistered
Microsoft.Commerce Registered
microsoft.connectedopenstack NotRegistered
Microsoft.Consumption Registered
Microsoft.CostManagement Registered
Microsoft.Dashboard NotRegistered
Microsoft.DataReplication NotRegistered
Microsoft.DevAI NotRegistered
Microsoft.DevCenter NotRegistered
Microsoft.DevHub NotRegistered
Microsoft.Easm NotRegistered
Microsoft.EdgeOrder NotRegistered
Microsoft.EdgeZones NotRegistered
Microsoft.ElasticSan NotRegistered
Microsoft.Features Registered
Microsoft.Fidalgo NotRegistered
Microsoft.FluidRelay NotRegistered
Microsoft.HpcWorkbench NotRegistered
Microsoft.HybridConnectivity NotRegistered
Microsoft.HybridContainerService NotRegistered
Microsoft.IoTFirmwareDefense NotRegistered
Microsoft.LoadTestService NotRegistered
Microsoft.ManagedNetworkFabric NotRegistered
Microsoft.MarketplaceOrdering Registered
Microsoft.MobileNetwork NotRegistered
Microsoft.Monitor NotRegistered
Microsoft.NetworkAnalytics NotRegistered
Microsoft.NetworkCloud NotRegistered
Microsoft.NetworkFunction NotRegistered
Microsoft.OpenEnergyPlatform NotRegistered
Microsoft.Orbital NotRegistered
Microsoft.Pki NotRegistered
Microsoft.PlayFab NotRegistered
Microsoft.Portal Registered
Microsoft.Quota NotRegistered
Microsoft.ResourceGraph Registered
Microsoft.Resources Registered
Microsoft.Scom NotRegistered
Microsoft.SecurityDevOps NotRegistered
Microsoft.SerialConsole Registered
Microsoft.StorageMover NotRegistered
microsoft.support Registered
microsoft.syntex NotRegistered
Microsoft.VideoIndexer NotRegistered
Microsoft.Workloads NotRegistered
NewRelic.Observability NotRegistered
NGINX.NGINXPLUS NotRegistered
PaloAltoNetworks.Cloudngfw NotRegistered
Qumulo.QaaS NotRegistered

0 enabled Subscription Features docs

0 Resource Locks docs

   Download CSV semicolon | comma
ResourceType Location Count
microsoft.keyvault/vaults westeurope 1
microsoft.logic/workflows northeurope 1
microsoft.managedidentity/userassignedidentities northeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups westeurope 2
microsoft.network/routetables northeurope 1
microsoft.storage/storageaccounts northeurope 1
microsoft.storage/storageaccounts westeurope 1
   CAF - Recommended abbreviations for Azure resource types docs
   Resource details can be found in the CSV output *_ResourcesAll.csv
   Download CSV semicolon | comma
ResourceType Recommendation ResourceFriendlyName passed failed passed percentage
microsoft.keyvault/vaults kv- Key vault 0 1 0%
microsoft.logic/workflows logic- Logic apps 1 0 100%
microsoft.managedidentity/userassignedidentities id- Managed Identity 0 2 0%
microsoft.network/networksecuritygroups nsg- Network security group (NSG) 0 2 0%
microsoft.network/routetables rt- Route table 0 1 0%
microsoft.storage/storageaccounts st, stvm Storage account, VM storage account 0 2 0%
   'Azure Orphan Resources' ARG queries and workbooks GitHub
   Resource details can be found in the CSV output *_ResourcesOrphaned.csv
   Download CSV semicolon | comma
ResourceType Resource count Intent Cost (30 days) Currency
microsoft.network/networksecuritygroups 2 misconfiguration
microsoft.network/routetables 1 misconfiguration
microsoft.resources/subscriptions/resourcegroups 791 clean up
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.keyvault/vaults 1 True True True AuditEvent, AzurePolicyEvaluationDetails
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 2 False False False
microsoft.network/networksecuritygroups 2 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/routetables 1 False False False
microsoft.storage/storageaccounts 2 True True False
   Managed identity 'user-assigned' vs 'system-assigned' docs
   Download CSV semicolon | comma
MI Name MI MgPath MI Subscription Name MI Subscription Id MI ResourceGroup MI ResourceId MI AAD SP objectId MI AAD SP applicationId MI count Res assignments Res Name Res Type Res MgPath Res Subscription Name Res Subscription Id Res ResourceGroup Res Id Res count assigned MIs
mi4439 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 mi /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/mi/providers/microsoft.managedidentity/userassignedidentities/mi4439 4b8bce68-e5f3-47d9-9420-66187e697c64 208163d8-f6f1-4726-b777-bd97d6efe6ec 1 logic-prj0765 Microsoft.Logic/workflows 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f rg-logic /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourceGroups/rg-logic/providers/Microsoft.Logic/workflows/logic-prj0765 1
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.KeyVault/vaults 3 Operational Excellence Repeatable infrastructure Awareness Use valid Key Vault names Consider using names that meet Key Vault naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.KeyVault/vaults 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.KeyVault/vaults 2 Reliability Data management Important Use Key Vault Soft Delete Consider enabling soft delete on Key Vaults to enable recovery of vaults and vault items.
Microsoft.KeyVault/vaults 1 Security Identity and access management Important Limit access to Key Vault data Consider assigning access to Key Vault data based on the principle of least privilege.
Microsoft.KeyVault/vaults 1 Security Key and secret management Important Enable Key Vault key auto-rotation Consider enabling auto-rotation on Key Vault keys.
Microsoft.KeyVault/vaults 1 Security Security operations Important Audit Key Vault data access Consider configuring diagnostic settings to log access for Key Vault data. Also consider, storing the access data into Azure Monitor and using Key Vault Analytics.
Microsoft.Logic/workflows 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.ManagedIdentity/userAssignedIdentities 2 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.ManagedIdentity/userAssignedIdentities 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.ManagedIdentity/userAssignedIdentities 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 2 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet.
Microsoft.Network/networkSecurityGroups 2 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts.
Microsoft.Network/routeTables 1 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/routeTables 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Storage/storageAccounts 2 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Storage/storageAccounts 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Storage/storageAccounts 2 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data.
Microsoft.Storage/storageAccounts 1 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy.
Microsoft.Storage/storageAccounts 2 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy.
Microsoft.Storage/storageAccounts 2 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account.
Microsoft.Storage/storageAccounts 2 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy.
Microsoft.Storage/storageAccounts 2 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration.
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH-landingzones false false Network interfaces should disable IP forwarding /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false RDP access from the Internet should be blocked /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones true false Secure transfer to storage accounts should be enabled /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Subnets should have a Network Security Group /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Custom Network true Deny Default 0 0 0 0 0 none Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Auditing on SQL server should be enabled /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub false false [Deprecated]: Function App should only be accessible over HTTPS /providers/microsoft.authorization/policydefinitions/5df82f4f-773a-4a2d-97a2-422a806f1a55 BuiltIn Security Center False AuditIfNotExists Default 0 0 0 0 0 none testDeprecatedAssignment /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcdd1466e4fc5114b6e5f13d n/a 07/18/2021 15:09:28 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
thisScope Sub false false Audit virtual machines without disaster recovery configured /providers/microsoft.authorization/policydefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 BuiltIn Compute False auditIfNotExists Default 0 0 0 0 0 none Audit virtual machines without disaster recovery configured /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/bcee1466e4fc4114b5e5f03d Joe Dalton 06/16/2021 16:07:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 37 7 10 1 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 2 1 3 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Sub false 1234_API_MG_RA_onRG_(1234_RG_CUST) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) Custom 1234_RgRoleAssignment false aadObjectIdGroup=2aa667c2-7395-404a-8000-3f7b675680d4, aadObjectIdServicePrincipal=506ae68a-a1f7-42f7-9285-c54ef56a3006, roleDefinitionIdGroup=/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c, roleDefinitionIdServicePrincipal=/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 2 0 1 0 Owner (/subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8) 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f (SPObjId: 06683a54-86ee-4248-9c50-4b3c47b855be) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f n/a 09/14/2021 16:55:57 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

Policy Assignment Limit: 3/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
cust_Deploy a default budget on all subscriptions under the assigned scope /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/1c5e347d-1d8f-4854-9d88-918455c3c983 ALZClone true Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Contributor 0 0
myPipelinePolicy /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Cache false Default: Audit; Allowed: Audit,Deny n/a 0 0

0 Custom PolicySet definitions scoped

0 Blueprints assigned

0 Blueprints scoped

   Download CSV semicolon | comma
Role Identity
ServiceAdministrator its.joe.dalton@azgovviz.net
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-online Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 01/10/2021 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect group03 (e2390190-219f-419f-bdfa-a9f5cc3698cc) 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 07/21/2021 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/70e14253-25d3-447f-9356-ac32985062a4 none 07/19/2021 19:31:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True group03 n/a e2390190-219f-419f-bdfa-a9f5cc3698cc Group direct 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/6bbd9ae3-1189-40bb-8170-7e8674b79159 none 07/21/2021 10:08:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipelineNonProd n/a 192e9bab-be5b-4f6f-9e89-a4c80e638e43 SP APP INT direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/66eb6b8e-95e1-472f-9ab1-91115194ec0e none 10/27/2021 14:07:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Monitoring Reader 43d0d8ad-25c7-4714-9337-8ba259a9fe05 Builtin false False Jolly Jumper JollyJumper@AzGovViz.onmicrosoft.com 192ff2e5-52de-4c93-b220-f9ced74068b0 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/79041f69-fb87-4da7-8676-6431f7ad43a8 none 01/25/2021 22:11:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Tag Contributor 4a9ae827-6dc8-4573-8ac7-8239d42aa03f Builtin false False Tag Bert TagBert@AzGovViz.onmicrosoft.com 9e1643fe-b887-4a53-9071-56801236f719 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/1dd61049-04b7-4058-af49-01f9b83159b2 none 07/22/2021 08:57:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f n/a 06683a54-86ee-4248-9c50-4b3c47b855be SP MI Sys direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e8 /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f (1234_API_MG_RA_onRG_(1234_RG_CUST)) 09/14/2021 16:57:02 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/68463d6a-5bd9-4d2b-8607-cb12a73d3c53 none 05/13/2021 12:05:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/2754101a-9df1-48e7-ae2a-836f23710ed7 none 07/19/2021 19:43:09 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user00 user00@AzGovViz.onmicrosoft.com 05687e51-8ebb-4a06-9eae-9e9786f79090 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/cfd94c09-b2ea-4f72-b63a-31a0e14c3834 none 04/27/2022 21:23:41 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group01 n/a 66f4e0b3-13af-4c93-ad43-67042ed760e5 Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user01 user01@AzGovViz.onmicrosoft.com 7dd8e665-9277-4bbb-94f9-ff278ceff8c0 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ra0 n/a 862a78e3-3e64-4272-a758-c987b2410718 Group direct 0 (Usr: 0, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/a45b2d11-f939-572e-8672-c221fa4f8396 none 03/16/2022 23:58:28 ObjectType: SP MI Sys, ObjectDisplayName: enforce0, ObjectSignInName: n/a, ObjectId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group02 n/a 903a7f87-c183-4962-8983-c793a77f18bf Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group00 n/a c1916fdd-08d8-439e-a329-d540c6f002a8 Group direct 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False mi5640 n/a c269faa6-e208-4ff7-a74b-0bd6902f2f50 SP MI Usr direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/51d44b26-f5d2-4c7e-ae24-ef25fc53613b none 01/07/2022 18:36:28 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user02 user02@AzGovViz.onmicrosoft.com cb317eea-8af2-4cb8-bde5-516e0b951f1b User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/06e10e98-b109-40c5-bf73-691605bf66e3 none 05/15/2021 06:39:31 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False mi5639 n/a f84fb916-e925-41d8-afdc-7bfa1a32d65a SP MI Usr direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/0e7d83a8-0588-4ef3-8acd-4cddecf0076c none 01/07/2022 16:52:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Managed Application Operator Role c7393b34-138c-406f-901b-d8cf2b17e6ae Builtin false False RPSaaS Meta RP n/a 91c60235-9208-499d-9887-416059ab970f SP APP EXT direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/providers/microsoft.authorization/roleassignments/e88742ee-5622-40d2-9a00-c5e3080a8a16 none 11/03/2021 10:52:06 IsNullOrEmpty
thisScope Sub RG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 1234_DevOpsSP n/a 506ae68a-a1f7-42f7-9285-c54ef56a3006 SP APP INT direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/1234_rg_cust_tim_210914-185704/providers/microsoft.authorization/roleassignments/c2b45172-8770-5359-a734-6574525a0e6b none 09/14/2021 16:58:20 ObjectType: SP MI Sys, ObjectDisplayName: 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, ObjectSignInName: n/a, ObjectId: 06683a54-86ee-4248-9c50-4b3c47b855be
thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234_DevOpsGroup n/a 2aa667c2-7395-404a-8000-3f7b675680d4 Group direct 0 (Usr: 0, Grp: 0, SP: 0) /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/1234_rg_cust_tim_210914-185704/providers/microsoft.authorization/roleassignments/e4754ccf-e384-5c83-992d-0a7a35fcc732 none 09/14/2021 16:58:20 ObjectType: SP MI Sys, ObjectDisplayName: 1234_APA_Sub_RoleAssignment_4dfa3b56-55bf-4059-802a-24e44a4fb60f, ObjectSignInName: n/a, ObjectId: 06683a54-86ee-4248-9c50-4b3c47b855be
thisScope Sub RG Res Storage Blob Data Reader 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 Builtin true False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourcegroups/projectb/providers/microsoft.storage/storageaccounts/sa6749/providers/microsoft.authorization/roleassignments/a04a9b5a-9262-4b83-921b-b68d7f7b56a8 none 09/24/2022 13:14:24 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

Highlight Subscription in HierarchyMap

Subscription Name: payg1

Subscription Id: 20217969-e578-4e91-beea-9bcf18b05a7e

Subscription Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/20217969-e578-4e91-beea-9bcf18b05a7e

State: Enabled

QuotaId: PayAsYouGo_2014-09-01

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

Microsoft Defender for Cloud plans - Subscription skipped (SubscriptionNotRegistered) (ResourceProvider: Microsoft.Security) docs

   Download CSV semicolon | comma
Diagnostic setting Target Target Id Administrative Alert Autoscale Policy Recommendation ResourceHealth Security ServiceHealth
subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true
   Download CSV semicolon | comma
Tag Name Tag Value
TechnicalContact me
   Resource naming and tagging decision guide docs
   Download CSV semicolon | comma
Scope TagName Count
Resource costCenter 1
Subscription TechnicalContact 1

No Consumption data available

9 Resource Groups | Limit: (9/980)

   Download CSV semicolon | comma
Provider State
microsoft.insights Registered
Microsoft.MarketplaceNotifications Registered
Microsoft.Network Registered
Microsoft.PolicyInsights Registered
Microsoft.Diagnostics Registered
Microsoft.Advisor Registered
Microsoft.Web Registered
Microsoft.Storage Registered
Microsoft.Compute Registered
Dell.Storage NotRegistered
Dynatrace.Observability NotRegistered
Microsoft.AAD NotRegistered
microsoft.aadiam NotRegistered
Microsoft.Addons NotRegistered
Microsoft.ADHybridHealthService Registered
Microsoft.AgFoodPlatform NotRegistered
Microsoft.AlertsManagement NotRegistered
Microsoft.AnalysisServices NotRegistered
Microsoft.AnyBuild NotRegistered
Microsoft.ApiManagement NotRegistered
Microsoft.ApiSecurity NotRegistered
Microsoft.App NotRegistered
Microsoft.AppAssessment NotRegistered
Microsoft.AppComplianceAutomation NotRegistered
Microsoft.AppConfiguration NotRegistered
Microsoft.AppPlatform NotRegistered
Microsoft.Attestation NotRegistered
Microsoft.Authorization Registered
Microsoft.Automanage NotRegistered
Microsoft.Automation NotRegistered
Microsoft.AutonomousDevelopmentPlatform NotRegistered
Microsoft.AutonomousSystems NotRegistered
Microsoft.AVS NotRegistered
Microsoft.AzureActiveDirectory NotRegistered
Microsoft.AzureArcData NotRegistered
Microsoft.AzureCIS NotRegistered
Microsoft.AzureData NotRegistered
Microsoft.AzurePercept NotRegistered
Microsoft.AzureScan NotRegistered
Microsoft.AzureSphere NotRegistered
Microsoft.AzureSphereGen2 NotRegistered
Microsoft.AzureSphereV2 NotRegistered
Microsoft.AzureStack NotRegistered
Microsoft.AzureStackHCI NotRegistered
Microsoft.BackupSolutions NotRegistered
Microsoft.BareMetalInfrastructure NotRegistered
Microsoft.Batch NotRegistered
Microsoft.Billing Registered
Microsoft.BillingBenefits NotRegistered
Microsoft.Bing NotRegistered
Microsoft.BlockchainTokens NotRegistered
Microsoft.Blueprint NotRegistered
Microsoft.BotService NotRegistered
Microsoft.Cache NotRegistered
Microsoft.Capacity NotRegistered
Microsoft.Cascade NotRegistered
Microsoft.Cdn NotRegistered
Microsoft.CertificateRegistration NotRegistered
Microsoft.ChangeAnalysis NotRegistered
Microsoft.Chaos NotRegistered
Microsoft.ClassicCompute NotRegistered
Microsoft.ClassicInfrastructureMigrate NotRegistered
Microsoft.ClassicNetwork NotRegistered
Microsoft.ClassicStorage NotRegistered
Microsoft.ClassicSubscription Registered
Microsoft.CloudTest NotRegistered
Microsoft.CodeSigning NotRegistered
Microsoft.Codespaces NotRegistered
Microsoft.CognitiveServices NotRegistered
Microsoft.Commerce Registered
Microsoft.Communication NotRegistered
Microsoft.ConfidentialLedger NotRegistered
Microsoft.Confluent NotRegistered
Microsoft.ConnectedCache NotRegistered
microsoft.connectedopenstack NotRegistered
Microsoft.ConnectedVehicle NotRegistered
Microsoft.ConnectedVMwarevSphere NotRegistered
Microsoft.Consumption Registered
Microsoft.ContainerInstance NotRegistered
Microsoft.ContainerRegistry NotRegistered
Microsoft.ContainerService NotRegistered
Microsoft.CostManagement Registered
Microsoft.CostManagementExports NotRegistered
Microsoft.CustomerLockbox NotRegistered
Microsoft.CustomProviders NotRegistered
Microsoft.D365CustomerInsights NotRegistered
Microsoft.Dashboard NotRegistered
Microsoft.DataBox NotRegistered
Microsoft.DataBoxEdge NotRegistered
Microsoft.Databricks NotRegistered
Microsoft.DataCatalog NotRegistered
Microsoft.DataCollaboration NotRegistered
Microsoft.Datadog NotRegistered
Microsoft.DataFactory NotRegistered
Microsoft.DataLakeAnalytics NotRegistered
Microsoft.DataLakeStore NotRegistered
Microsoft.DataMigration NotRegistered
Microsoft.DataProtection NotRegistered
Microsoft.DataReplication NotRegistered
Microsoft.DataShare NotRegistered
Microsoft.DBforMariaDB NotRegistered
Microsoft.DBforMySQL NotRegistered
Microsoft.DBforPostgreSQL NotRegistered
Microsoft.DelegatedNetwork NotRegistered
Microsoft.DeploymentManager NotRegistered
Microsoft.DesktopVirtualization NotRegistered
Microsoft.DevAI NotRegistered
Microsoft.DevCenter NotRegistered
Microsoft.DevHub NotRegistered
Microsoft.Devices NotRegistered
Microsoft.DeviceUpdate NotRegistered
Microsoft.DevOps NotRegistered
Microsoft.DevTestLab NotRegistered
Microsoft.DigitalTwins NotRegistered
Microsoft.DocumentDB NotRegistered
Microsoft.DomainRegistration NotRegistered
Microsoft.Easm NotRegistered
Microsoft.EdgeOrder NotRegistered
Microsoft.EdgeZones NotRegistered
Microsoft.Elastic NotRegistered
Microsoft.ElasticSan NotRegistered
Microsoft.EventGrid NotRegistered
Microsoft.EventHub NotRegistered
Microsoft.ExtendedLocation NotRegistered
Microsoft.Falcon NotRegistered
Microsoft.Features Registered
Microsoft.Fidalgo NotRegistered
Microsoft.FluidRelay NotRegistered
Microsoft.GuestConfiguration NotRegistered
Microsoft.HanaOnAzure NotRegistered
Microsoft.HardwareSecurityModules NotRegistered
Microsoft.HDInsight NotRegistered
Microsoft.HealthBot NotRegistered
Microsoft.HealthcareApis NotRegistered
Microsoft.HpcWorkbench NotRegistered
Microsoft.HybridCompute NotRegistered
Microsoft.HybridConnectivity NotRegistered
Microsoft.HybridContainerService NotRegistered
Microsoft.HybridData NotRegistered
Microsoft.HybridNetwork NotRegistered
Microsoft.ImportExport NotRegistered
Microsoft.IntelligentITDigitalTwin NotRegistered
Microsoft.IoTCentral NotRegistered
Microsoft.IoTFirmwareDefense NotRegistered
Microsoft.IoTSecurity NotRegistered
Microsoft.KeyVault NotRegistered
Microsoft.Kubernetes NotRegistered
Microsoft.KubernetesConfiguration NotRegistered
Microsoft.Kusto NotRegistered
Microsoft.LabServices NotRegistered
Microsoft.LoadTestService NotRegistered
Microsoft.Logic NotRegistered
Microsoft.Logz NotRegistered
Microsoft.MachineLearning NotRegistered
Microsoft.MachineLearningServices NotRegistered
Microsoft.Maintenance NotRegistered
Microsoft.ManagedIdentity NotRegistered
Microsoft.ManagedNetworkFabric NotRegistered
Microsoft.ManagedServices NotRegistered
Microsoft.Management NotRegistered
Microsoft.Maps NotRegistered
Microsoft.Marketplace NotRegistered
Microsoft.MarketplaceOrdering Registered
Microsoft.Media NotRegistered
Microsoft.Migrate NotRegistered
Microsoft.MixedReality NotRegistered
Microsoft.MobileNetwork NotRegistered
Microsoft.Monitor NotRegistered
Microsoft.NetApp NotRegistered
Microsoft.NetworkAnalytics NotRegistered
Microsoft.NetworkCloud NotRegistered
Microsoft.NetworkFunction NotRegistered
Microsoft.NotificationHubs NotRegistered
Microsoft.ObjectStore NotRegistered
Microsoft.OffAzure NotRegistered
Microsoft.OpenEnergyPlatform NotRegistered
Microsoft.OpenLogisticsPlatform NotRegistered
Microsoft.OperationalInsights NotRegistered
Microsoft.OperationsManagement NotRegistered
Microsoft.Orbital NotRegistered
Microsoft.Peering NotRegistered
Microsoft.Pki NotRegistered
Microsoft.PlayFab NotRegistered
Microsoft.Portal Registered
Microsoft.PowerBI NotRegistered
Microsoft.PowerBIDedicated NotRegistered
Microsoft.PowerPlatform NotRegistered
Microsoft.ProviderHub NotRegistered
Microsoft.Purview NotRegistered
Microsoft.Quantum NotRegistered
Microsoft.Quota NotRegistered
Microsoft.RecommendationsService NotRegistered
Microsoft.RecoveryServices NotRegistered
Microsoft.RedHatOpenShift NotRegistered
Microsoft.Relay NotRegistered
Microsoft.ResourceConnector NotRegistered
Microsoft.ResourceGraph Registered
Microsoft.ResourceHealth NotRegistered
Microsoft.Resources Registered
Microsoft.SaaS NotRegistered
Microsoft.Scom NotRegistered
Microsoft.ScVmm NotRegistered
Microsoft.Search NotRegistered
Microsoft.Security NotRegistered
Microsoft.SecurityDetonation NotRegistered
Microsoft.SecurityDevOps NotRegistered
Microsoft.SecurityInsights NotRegistered
Microsoft.SerialConsole Registered
Microsoft.ServiceBus NotRegistered
Microsoft.ServiceFabric NotRegistered
Microsoft.ServiceFabricMesh NotRegistered
Microsoft.ServiceLinker NotRegistered
Microsoft.ServicesHub NotRegistered
Microsoft.SignalRService NotRegistered
Microsoft.Singularity NotRegistered
Microsoft.SoftwarePlan NotRegistered
Microsoft.Solutions NotRegistered
Microsoft.Sql NotRegistered
Microsoft.SqlVirtualMachine NotRegistered
Microsoft.StorageCache NotRegistered
Microsoft.StorageMover NotRegistered
Microsoft.StoragePool NotRegistered
Microsoft.StorageSync NotRegistered
Microsoft.StorSimple NotRegistered
Microsoft.StreamAnalytics NotRegistered
Microsoft.Subscription NotRegistered
microsoft.support Registered
Microsoft.Synapse NotRegistered
microsoft.syntex NotRegistered
Microsoft.TestBase NotRegistered
Microsoft.TimeSeriesInsights NotRegistered
Microsoft.VideoIndexer NotRegistered
Microsoft.VirtualMachineImages NotRegistered
microsoft.visualstudio NotRegistered
Microsoft.VMware NotRegistered
Microsoft.VMwareCloudSimple NotRegistered
Microsoft.VSOnline NotRegistered
Microsoft.WindowsESU NotRegistered
Microsoft.WindowsIoT NotRegistered
Microsoft.WorkloadBuilder NotRegistered
Microsoft.WorkloadMonitor NotRegistered
Microsoft.Workloads NotRegistered
NewRelic.Observability NotRegistered
NGINX.NGINXPLUS NotRegistered
PaloAltoNetworks.Cloudngfw NotRegistered
Qumulo.QaaS NotRegistered
Wandisco.Fusion NotRegistered

0 enabled Subscription Features docs

0 Resource Locks docs

   Download CSV semicolon | comma
ResourceType Location Count
microsoft.network/networksecuritygroups eastus 3
microsoft.network/networkwatchers northeurope 1
microsoft.network/routetables northcentralus 2
microsoft.network/routetables westeurope 2
microsoft.network/virtualnetworks northeurope 1
microsoft.web/serverfarms westeurope 1
microsoft.web/sites westeurope 1
   CAF - Recommended abbreviations for Azure resource types docs
   Resource details can be found in the CSV output *_ResourcesAll.csv
   Download CSV semicolon | comma
ResourceType Recommendation ResourceFriendlyName passed failed passed percentage
microsoft.network/networksecuritygroups nsg- Network security group (NSG) 0 3 0%
microsoft.network/networkwatchers nw- Network Watcher 0 1 0%
microsoft.network/routetables rt- Route table 0 4 0%
microsoft.network/virtualnetworks vnet- Virtual network 0 1 0%
microsoft.web/serverfarms plan- App Service plan 0 1 0%
microsoft.web/sites app-, func-, ase- Web app, Function app, App Service environment 0 1 0%
   'Azure Orphan Resources' ARG queries and workbooks GitHub
   Resource details can be found in the CSV output *_ResourcesOrphaned.csv
   Download CSV semicolon | comma
ResourceType Resource count Intent Cost (30 days) Currency
microsoft.network/networksecuritygroups 3 misconfiguration
microsoft.network/routetables 4 misconfiguration
microsoft.resources/subscriptions/resourcegroups 4 clean up
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.network/networksecuritygroups 3 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/routetables 4 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.web/serverfarms 1 True True False
microsoft.web/sites 1 True True True AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs

No UserAssigned Managed Identities assigned to Resources / vice versa - at all

   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Network/networkSecurityGroups 3 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added.
Microsoft.Network/networkSecurityGroups 3 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 3 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet.
Microsoft.Network/networkSecurityGroups 3 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts.
Microsoft.Network/networkWatchers 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/routeTables 4 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/routeTables 4 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/virtualNetworks 2 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/virtualNetworks 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/virtualNetworks 2 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced.
Microsoft.Network/virtualNetworks 1 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned.
Microsoft.Web/serverFarms 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Web/serverFarms 1 Performance Efficiency Capacity planning Important Use App Service production SKU Consider using a standard or premium plan for hosting apps on Azure App Service.
Microsoft.Web/serverFarms 1 Reliability Resiliency and dependencies Important Use two or more App Service Plan instances Consider using an App Service Plan with at least two (2) instances.
Microsoft.Web/sites 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Web/sites 2 Performance Efficiency Application design Awareness Use HTTP/2 connections for App Service apps Consider using HTTP/2 for Azure Services apps to improve protocol efficiency.
Microsoft.Web/sites 1 Performance Efficiency Application design Important Use App Service Always On Consider enabling Always On for each App Services app.
Microsoft.Web/sites 2 Reliability Load balancing and failover Important Web apps use health probes Consider configuring a health probe to monitor instance availability.
Microsoft.Web/sites 2 Security Data protection Important Web apps disable insecure FTP Consider disabling insecure FTP and configure SFTP only when required. Also consider using Azure Policy to audit or enforce this configuration.
Microsoft.Web/sites 2 Security Deployment Important Use a newer .NET version Consider updating the site to use a newer .NET version such as v6.0.
Microsoft.Web/sites 1 Security Encryption Critical App Service minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider using Azure Policy to audit or enforce this configuration.
Microsoft.Web/sites 1 Security Identity and access management Important App Service apps uses a managed identity Consider configuring a managed identity for each App Service app. Also consider using managed identities to authenticate to related Azure services.
Microsoft.Web/sites 1 Security Security configuration Important Disable App Service remote debugging Consider disabling remote debugging when not in use.
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH-landingzones false false Network interfaces should disable IP forwarding /providers/microsoft.authorization/policydefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900 BuiltIn Network False deny Default 0 0 0 0 0 none Deny-IP-Forwarding /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-ip-forwarding n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes clusters should not allow container privilege escalation /providers/microsoft.authorization/policydefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Escalations-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-priv-esc-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes cluster should not allow privileged containers /providers/microsoft.authorization/policydefinitions/95edb821-ddaf-4404-9732-666045e056b4 BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Deny-Privileged-Containers-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-privileged-aks n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false RDP access from the Internet should be blocked /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-rdp-from-internet Custom Network true Deny Default 0 0 0 0 0 none Deny-RDP-from-Internet /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-rdp-from-internet n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Secure transfer to storage accounts should be enabled /providers/microsoft.authorization/policydefinitions/404c3081-a854-4457-ae30-26a93ef643f9 BuiltIn Storage False Audit Default 0 0 0 0 0 none Enforce-Secure-Storage /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-storage-http n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 01/25/2021 22:26:59 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Subnets should have a Network Security Group /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deny-subnet-without-nsg Custom Network true Deny Default 1 0 1 0 0 none Deny-Subnet-Without-Nsg /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deny-subnet-without-nsg n/a 01/10/2021 20:58:32 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Deploy Azure Policy Add-on to Azure Kubernetes Service clusters /providers/microsoft.authorization/policydefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7 BuiltIn Kubernetes False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345) Deploy-AKS-Policy (SPObjId: fb0a7498-393f-434d-aa93-2acd144f489f) Deploy-AKS-Policy /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Auditing on SQL server should be enabled /providers/microsoft.authorization/policydefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 BuiltIn SQL False AuditIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6) Deploy-SQL-DB-Auditing (SPObjId: 4f3a2551-ea2f-43c6-9623-8950156d19b7) Deploy-SQL-Audit /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing n/a 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy /providers/microsoft.authorization/policydefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 BuiltIn Backup False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5) Deploy-VM-Backup (SPObjId: e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2) Deploy-VM-Backup /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup n/a 01/10/2021 20:58:34 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Kubernetes clusters should be accessible only over HTTPS /providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d BuiltIn Kubernetes False deny effect=deny Default 0 0 0 0 0 none Enforce-Https-Ingress-AKS /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-aks-https n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones false false Deploy SQL DB transparent data encryption /providers/microsoft.authorization/policydefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f BuiltIn SQL False DeployIfNotExists Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f) Enforce-SQL-Encryption (SPObjId: 34520a11-7b14-46a8-ac34-7d766959460a) Deploy-SQL-Security /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption n/a 01/10/2021 20:58:33 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG false false Deny the creation of private DNS - cust /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/53568753-a797-45d7-a552-d55f4a398bbb Custom Network-custom true Deny Default creation of private DNS prohibited 0 0 0 0 0 none Deny the creation of private DNS - cust /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/d1212de8a8fd4184a8965eea Joe Dalton 05/02/2022 07:02:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG false false 1234Deny-ra-if-SPObjectId /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/policydefinitions/8a9070c4-7eec-4b78-b044-62c20a06d1de Custom n/a false deny Default 1 0 1 0 0 none 1234Deny-ra-if-SPObjectId /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/policyassignments/fa0ac64635d34f42b8e052ba Joe Dalton 03/17/2022 15:07:17 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 38 4 7 0 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 5 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Sub RG false API - Deny the creation of private DNS - cust /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/policysetdefinitions/ee6248fccddc45b59624ac8f Custom Network-custom false Default 0 0 0 0 0 none API - Deny the creation of private DNS - cust /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/nsg/providers/microsoft.authorization/policyassignments/fab7aac62c1d419d87835c61 Joe Dalton 05/02/2022 07:08:06 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

Policy Assignment Limit: 3/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
1234Deny-ra-if-SPObjectId /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/policydefinitions/8a9070c4-7eec-4b78-b044-62c20a06d1de false Fixed: deny n/a 1 (/subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/policyassignments/fa0ac64635d34f42b8e052ba) 0

0 Custom PolicySet definitions scoped

0 Blueprints assigned

0 Blueprints scoped

No Classic Administrators

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Enforce-SQL-Encryption n/a 34520a11-7b14-46a8-ac34-7d766959460a SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3df334e6-61c3-543a-b548-97586caf6d4f /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/enforce-sql-encryption (Deploy SQL DB transparent data encryption) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-SQL-DB-Auditing n/a 4f3a2551-ea2f-43c6-9623-8950156d19b7 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/8085d5e6-c291-571e-bd96-a2eb4769f9e6 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-sql-db-auditing (Auditing on SQL server should be enabled) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/093ad67e-4eae-4536-aa0b-da4e09b47d88 none 01/10/2021 20:56:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Backup n/a e2511ca5-bcb3-4dbd-9d91-c18590c2a9d2 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/70486d4a-1ee2-5f70-bb58-b3bd79840ae5 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-vm-backup (Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy) 01/10/2021 20:58:36 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AKS-Policy n/a fb0a7498-393f-434d-aa93-2acd144f489f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/4f80e55d-446d-5743-a173-5d189d196345 /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/policyassignments/deploy-aks-policy (Deploy Azure Policy Add-on to Azure Kubernetes Service clusters) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest indirect 3rdPartyStaff (cb036073-f86b-46e1-9726-1eaccb62a678) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-landingzones Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 3rdPartyStaff n/a cb036073-f86b-46e1-9726-1eaccb62a678 Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjh-landingzones/providers/microsoft.authorization/roleassignments/3b6291a1-fc61-41d8-abff-43d04e35be62 none 01/25/2021 22:02:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-online Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-online/providers/microsoft.authorization/roleassignments/06ee6718-e394-4fcf-bbc2-cf358381ff67 none 01/10/2021 20:57:02 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/roleassignments/864998c3-485a-4a14-9266-db57615348c2 none 02/22/2022 08:18:17 IsNullOrEmpty
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ra0 n/a 862a78e3-3e64-4272-a758-c987b2410718 Group direct 0 (Usr: 0, Grp: 0, SP: 0) /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/providers/microsoft.authorization/roleassignments/79c80373-cc03-5188-bffa-f43f48c2efba none 03/16/2022 23:58:28 ObjectType: SP MI Sys, ObjectDisplayName: enforce0, ObjectSignInName: n/a, ObjectId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16
thisScope Sub RG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/roleassignments/d7548269-bcb4-4d43-a81c-d015d9c696e3 none 03/17/2022 15:07:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/protectedresources/providers/microsoft.authorization/roleassignments/d7548269-bcb4-4d43-a81c-d015d9c696e3 none 03/17/2022 15:07:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/8b655714-1947-47c2-ad4d-2d1afb15d852 none 05/19/2022 14:10:27 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/893d3984-7785-44dc-bcba-89a0baa2d38a none 09/15/2022 07:17:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/e94c2097-5257-4a68-aad4-0fd0e3a91442 none 05/19/2022 16:42:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/7f38ec43-e240-436f-84e3-c1e1d975737d none 05/21/2022 06:41:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Website Contributor de139f84-1756-47ae-9be6-808fbbe84772 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /subscriptions/20217969-e578-4e91-beea-9bcf18b05a7e/resourcegroups/webapp/providers/microsoft.web/sites/azgvz/providers/microsoft.authorization/roleassignments/bd93a3a3-1d3a-4e39-a509-10d07112b462 none 05/20/2022 16:33:04 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

Highlight Management Group in HierarchyMap

Management Group Name: ESJH-platform

Management Group Id: ESJH-platform

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform

1 ManagementGroups below this scope

1 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

   Download CSV semicolon | comma
Diagnostic setting Target Target Id Administrative Policy
mgDiag_ESJH-platform LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true

No Consumption data available for Subscriptions under this ManagementGroup

   Download CSV semicolon | comma
ResourceType Location Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.logic/workflows northcentralus 1
microsoft.managedidentity/userassignedidentities northeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups westeurope 1
microsoft.network/networkwatchers westeurope 1
microsoft.network/routetables northcentralus 3
microsoft.network/routetables southafricanorth 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts eastus 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus, AuditEvent
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 2 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/routetables 4 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 1 True True False
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Monitoring Important Automation accounts should collect platform diagnostic logs Consider configuring diagnostic settings to capture platform logs from Automation accounts. Fail
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Automation/automationAccounts 1 1 Security Data protection Important Encrypt automation variables Consider encrypting all automation account variables. Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Awareness Use short lived web hooks An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Important Use managed identity for authentication Consider configure a managed identity for each Automation Account. Pass
Microsoft.Automation/automationAccounts 1 1 Security Monitor Important Audit Automation Account data access Consider configuring diagnostic settings to log access for Automation Account data. Fail
Microsoft.Automation/automationAccounts/runbooks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Logic/workflows 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 2 1 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 2 1 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 4 1 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 4 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 1 1 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.OperationalInsights/workspaces 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.OperationsManagement/solutions 10 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Storage/storageAccounts 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 1 1 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 1 1 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 1 1 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 1 1 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 1 1 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 34 7 9 1 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 4 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 0/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
cust2_Deploy a default budget on all subscriptions under the assigned scope /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/policydefinitions/4a132703-b3fd-4228-aaaa-f46ebc34a324 true Default: DeployIfNotExists; Allowed: DeployIfNotExists,AuditIfNotExists,Disabled Contributor 0 0

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: ESJH-management

Management Group Id: ESJH-management

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management

0 ManagementGroups below this scope

1 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

   Download CSV semicolon | comma
ResourceType Location Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.logic/workflows northcentralus 1
microsoft.managedidentity/userassignedidentities northeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups westeurope 1
microsoft.network/networkwatchers westeurope 1
microsoft.network/routetables northcentralus 3
microsoft.network/routetables southafricanorth 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts eastus 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus, AuditEvent
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 2 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/routetables 4 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 1 True True False
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Monitoring Important Automation accounts should collect platform diagnostic logs Consider configuring diagnostic settings to capture platform logs from Automation accounts. Fail
Microsoft.Automation/automationAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Automation/automationAccounts 1 1 Security Data protection Important Encrypt automation variables Consider encrypting all automation account variables. Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Awareness Use short lived web hooks An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function. Pass
Microsoft.Automation/automationAccounts 1 1 Security Identity and access management Important Use managed identity for authentication Consider configure a managed identity for each Automation Account. Pass
Microsoft.Automation/automationAccounts 1 1 Security Monitor Important Audit Automation Account data access Consider configuring diagnostic settings to log access for Automation Account data. Fail
Microsoft.Automation/automationAccounts/runbooks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Logic/workflows 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 2 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 2 1 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 2 1 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/networkWatchers 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/routeTables 4 1 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 4 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid VNET names Consider using names that meet Virtual Network naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/virtualNetworks 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use local DNS servers Consider deploying redundant DNS services within a connected Azure VNET. Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure. Pass
Microsoft.Network/virtualNetworks 1 1 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced. Pass
Microsoft.Network/virtualNetworks 1 1 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned. Pass
Microsoft.OperationalInsights/workspaces 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.OperationsManagement/solutions 10 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Storage/storageAccounts 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Storage/storageAccounts 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use blob soft delete Consider enabling soft delete on storage accounts to protect blobs from accidental deletion or modification. Fail
Microsoft.Storage/storageAccounts 1 1 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data. Fail
Microsoft.Storage/storageAccounts 1 1 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 1 1 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 1 1 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account. Pass
Microsoft.Storage/storageAccounts 1 1 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy. Fail
Microsoft.Storage/storageAccounts 1 1 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration. Fail
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false false Deploy the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Custom Monitoring true DeployIfNotExists automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) Deploy-Log-Analytics (SPObjId: 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 34 7 9 1 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 4 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 1/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-platform Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics (Deploy the Log Analytics in the subscription) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 none 01/10/2021 20:56:58 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
management (f28ba982-5ed0-4033-9bdf-e45e4b5df466)

Highlight Subscription in HierarchyMap

Subscription Name: management

Subscription Id: f28ba982-5ed0-4033-9bdf-e45e4b5df466

Subscription Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466

State: Enabled

QuotaId: PayAsYouGo_2014-09-01

Microsoft Defender for Cloud Secure Score: 5 of 15 points Video , Blog , docs

   Download CSV semicolon | comma
Plan Tier
AppServices Free
Arm Free
CloudPosture Free
ContainerRegistry Free
Containers Free
CosmosDbs Free
Dns Free
KeyVaults Free
KubernetesService Free
OpenSourceRelationalDatabases Free
SqlServers Free
SqlServerVirtualMachines Free
StorageAccounts Free
VirtualMachines Free
   Download CSV semicolon | comma
Diagnostic setting Target Target Id Administrative Alert Autoscale Policy Recommendation ResourceHealth Security ServiceHealth
subscriptionToLa LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true true true true true true true
   Download CSV semicolon | comma
Tag Name Tag Value
costCenter 4876
   Resource naming and tagging decision guide docs
   Download CSV semicolon | comma
Scope TagName Count
Resource TechnicalContact 1
Subscription costCenter 1

No Consumption data available

10 Resource Groups | Limit: (10/980)

   Download CSV semicolon | comma
Provider State
Microsoft.Management Registered
Microsoft.OperationalInsights Registered
Microsoft.Automation Registered
Microsoft.OperationsManagement Registered
microsoft.insights Registered
Microsoft.Security Registered
Microsoft.ManagedIdentity Registered
Microsoft.GuestConfiguration Registered
Microsoft.PolicyInsights Registered
Microsoft.Network Registered
Microsoft.MarketplaceNotifications Registered
Microsoft.Logic Registered
Microsoft.Web Registered
Microsoft.Advisor Registered
Microsoft.Storage Registered
Dell.Storage NotRegistered
Dynatrace.Observability NotRegistered
Microsoft.AAD NotRegistered
microsoft.aadiam NotRegistered
Microsoft.Addons NotRegistered
Microsoft.ADHybridHealthService Registered
Microsoft.AgFoodPlatform NotRegistered
Microsoft.AlertsManagement NotRegistered
Microsoft.AnalysisServices NotRegistered
Microsoft.AnyBuild NotRegistered
Microsoft.ApiManagement NotRegistered
Microsoft.ApiSecurity NotRegistered
Microsoft.App NotRegistered
Microsoft.AppAssessment NotRegistered
Microsoft.AppComplianceAutomation NotRegistered
Microsoft.AppConfiguration NotRegistered
Microsoft.AppPlatform NotRegistered
Microsoft.Attestation NotRegistered
Microsoft.Authorization Registered
Microsoft.Automanage NotRegistered
Microsoft.AutonomousDevelopmentPlatform NotRegistered
Microsoft.AutonomousSystems NotRegistered
Microsoft.AVS NotRegistered
Microsoft.AzureActiveDirectory NotRegistered
Microsoft.AzureArcData NotRegistered
Microsoft.AzureCIS NotRegistered
Microsoft.AzureData NotRegistered
Microsoft.AzurePercept NotRegistered
Microsoft.AzureScan NotRegistered
Microsoft.AzureSphere NotRegistered
Microsoft.AzureSphereGen2 NotRegistered
Microsoft.AzureSphereV2 NotRegistered
Microsoft.AzureStack NotRegistered
Microsoft.AzureStackHCI NotRegistered
Microsoft.BackupSolutions NotRegistered
Microsoft.BareMetalInfrastructure NotRegistered
Microsoft.Batch NotRegistered
Microsoft.Billing Registered
Microsoft.BillingBenefits NotRegistered
Microsoft.Bing NotRegistered
Microsoft.BlockchainTokens NotRegistered
Microsoft.Blueprint NotRegistered
Microsoft.BotService NotRegistered
Microsoft.Cache NotRegistered
Microsoft.Capacity NotRegistered
Microsoft.Cascade NotRegistered
Microsoft.Cdn NotRegistered
Microsoft.CertificateRegistration NotRegistered
Microsoft.ChangeAnalysis NotRegistered
Microsoft.Chaos NotRegistered
Microsoft.ClassicCompute NotRegistered
Microsoft.ClassicInfrastructureMigrate NotRegistered
Microsoft.ClassicNetwork NotRegistered
Microsoft.ClassicStorage NotRegistered
Microsoft.ClassicSubscription Registered
Microsoft.CloudTest NotRegistered
Microsoft.CodeSigning NotRegistered
Microsoft.Codespaces NotRegistered
Microsoft.CognitiveServices NotRegistered
Microsoft.Commerce Registered
Microsoft.Communication NotRegistered
Microsoft.Compute NotRegistered
Microsoft.ConfidentialLedger NotRegistered
Microsoft.Confluent NotRegistered
Microsoft.ConnectedCache NotRegistered
microsoft.connectedopenstack NotRegistered
Microsoft.ConnectedVehicle NotRegistered
Microsoft.ConnectedVMwarevSphere NotRegistered
Microsoft.Consumption Registered
Microsoft.ContainerInstance NotRegistered
Microsoft.ContainerRegistry NotRegistered
Microsoft.ContainerService NotRegistered
Microsoft.CostManagement Registered
Microsoft.CostManagementExports NotRegistered
Microsoft.CustomerLockbox NotRegistered
Microsoft.CustomProviders NotRegistered
Microsoft.D365CustomerInsights NotRegistered
Microsoft.Dashboard NotRegistered
Microsoft.DataBox NotRegistered
Microsoft.DataBoxEdge NotRegistered
Microsoft.Databricks NotRegistered
Microsoft.DataCatalog NotRegistered
Microsoft.DataCollaboration NotRegistered
Microsoft.Datadog NotRegistered
Microsoft.DataFactory NotRegistered
Microsoft.DataLakeAnalytics NotRegistered
Microsoft.DataLakeStore NotRegistered
Microsoft.DataMigration NotRegistered
Microsoft.DataProtection NotRegistered
Microsoft.DataReplication NotRegistered
Microsoft.DataShare NotRegistered
Microsoft.DBforMariaDB NotRegistered
Microsoft.DBforMySQL NotRegistered
Microsoft.DBforPostgreSQL NotRegistered
Microsoft.DelegatedNetwork NotRegistered
Microsoft.DeploymentManager NotRegistered
Microsoft.DesktopVirtualization NotRegistered
Microsoft.DevAI NotRegistered
Microsoft.DevCenter NotRegistered
Microsoft.DevHub NotRegistered
Microsoft.Devices NotRegistered
Microsoft.DeviceUpdate NotRegistered
Microsoft.DevOps NotRegistered
Microsoft.DevTestLab NotRegistered
Microsoft.DigitalTwins NotRegistered
Microsoft.DocumentDB NotRegistered
Microsoft.DomainRegistration NotRegistered
Microsoft.Easm NotRegistered
Microsoft.EdgeOrder NotRegistered
Microsoft.EdgeZones NotRegistered
Microsoft.Elastic NotRegistered
Microsoft.ElasticSan NotRegistered
Microsoft.EventGrid NotRegistered
Microsoft.EventHub NotRegistered
Microsoft.ExtendedLocation NotRegistered
Microsoft.Falcon NotRegistered
Microsoft.Features Registered
Microsoft.Fidalgo NotRegistered
Microsoft.FluidRelay NotRegistered
Microsoft.HanaOnAzure NotRegistered
Microsoft.HardwareSecurityModules NotRegistered
Microsoft.HDInsight NotRegistered
Microsoft.HealthBot NotRegistered
Microsoft.HealthcareApis NotRegistered
Microsoft.HpcWorkbench NotRegistered
Microsoft.HybridCompute NotRegistered
Microsoft.HybridConnectivity NotRegistered
Microsoft.HybridContainerService NotRegistered
Microsoft.HybridData NotRegistered
Microsoft.HybridNetwork NotRegistered
Microsoft.ImportExport NotRegistered
Microsoft.IntelligentITDigitalTwin NotRegistered
Microsoft.IoTCentral NotRegistered
Microsoft.IoTFirmwareDefense NotRegistered
Microsoft.IoTSecurity NotRegistered
Microsoft.KeyVault NotRegistered
Microsoft.Kubernetes NotRegistered
Microsoft.KubernetesConfiguration NotRegistered
Microsoft.Kusto NotRegistered
Microsoft.LabServices NotRegistered
Microsoft.LoadTestService NotRegistered
Microsoft.Logz NotRegistered
Microsoft.MachineLearning NotRegistered
Microsoft.MachineLearningServices NotRegistered
Microsoft.Maintenance NotRegistered
Microsoft.ManagedNetworkFabric NotRegistered
Microsoft.ManagedServices NotRegistered
Microsoft.Maps NotRegistered
Microsoft.Marketplace NotRegistered
Microsoft.MarketplaceOrdering Registered
Microsoft.Media NotRegistered
Microsoft.Migrate NotRegistered
Microsoft.MixedReality NotRegistered
Microsoft.MobileNetwork NotRegistered
Microsoft.Monitor NotRegistered
Microsoft.NetApp NotRegistered
Microsoft.NetworkAnalytics NotRegistered
Microsoft.NetworkCloud NotRegistered
Microsoft.NetworkFunction NotRegistered
Microsoft.NotificationHubs NotRegistered
Microsoft.ObjectStore NotRegistered
Microsoft.OffAzure NotRegistered
Microsoft.OpenEnergyPlatform NotRegistered
Microsoft.OpenLogisticsPlatform NotRegistered
Microsoft.Orbital NotRegistered
Microsoft.Peering NotRegistered
Microsoft.Pki NotRegistered
Microsoft.PlayFab NotRegistered
Microsoft.Portal Registered
Microsoft.PowerBI NotRegistered
Microsoft.PowerBIDedicated NotRegistered
Microsoft.PowerPlatform NotRegistered
Microsoft.ProviderHub NotRegistered
Microsoft.Purview NotRegistered
Microsoft.Quantum NotRegistered
Microsoft.Quota NotRegistered
Microsoft.RecommendationsService NotRegistered
Microsoft.RecoveryServices NotRegistered
Microsoft.RedHatOpenShift NotRegistered
Microsoft.Relay NotRegistered
Microsoft.ResourceConnector NotRegistered
Microsoft.ResourceGraph Registered
Microsoft.ResourceHealth NotRegistered
Microsoft.Resources Registered
Microsoft.SaaS NotRegistered
Microsoft.Scom NotRegistered
Microsoft.ScVmm NotRegistered
Microsoft.Search NotRegistered
Microsoft.SecurityDetonation NotRegistered
Microsoft.SecurityDevOps NotRegistered
Microsoft.SecurityInsights NotRegistered
Microsoft.SerialConsole Registered
Microsoft.ServiceBus NotRegistered
Microsoft.ServiceFabric NotRegistered
Microsoft.ServiceFabricMesh NotRegistered
Microsoft.ServiceLinker NotRegistered
Microsoft.ServicesHub NotRegistered
Microsoft.SignalRService NotRegistered
Microsoft.Singularity NotRegistered
Microsoft.SoftwarePlan NotRegistered
Microsoft.Solutions NotRegistered
Microsoft.Sql NotRegistered
Microsoft.SqlVirtualMachine NotRegistered
Microsoft.StorageCache NotRegistered
Microsoft.StorageMover NotRegistered
Microsoft.StoragePool NotRegistered
Microsoft.StorageSync NotRegistered
Microsoft.StorSimple NotRegistered
Microsoft.StreamAnalytics NotRegistered
Microsoft.Subscription NotRegistered
microsoft.support Registered
Microsoft.Synapse NotRegistered
microsoft.syntex NotRegistered
Microsoft.TestBase NotRegistered
Microsoft.TimeSeriesInsights NotRegistered
Microsoft.VideoIndexer NotRegistered
Microsoft.VirtualMachineImages NotRegistered
microsoft.visualstudio NotRegistered
Microsoft.VMware NotRegistered
Microsoft.VMwareCloudSimple NotRegistered
Microsoft.VSOnline NotRegistered
Microsoft.WindowsESU NotRegistered
Microsoft.WindowsIoT NotRegistered
Microsoft.WorkloadBuilder NotRegistered
Microsoft.WorkloadMonitor NotRegistered
Microsoft.Workloads NotRegistered
NewRelic.Observability NotRegistered
NGINX.NGINXPLUS NotRegistered
PaloAltoNetworks.Cloudngfw NotRegistered
Qumulo.QaaS NotRegistered
Wandisco.Fusion NotRegistered

0 enabled Subscription Features docs

   Considerations before applying locks docs
Lock scope Lock type presence
SubscriptionCannotDelete0
SubscriptionReadOnly0
ResourceGroupCannotDelete1
ResourceGroupReadOnly0
ResourceCannotDelete0
ResourceReadOnly0
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.automation/automationaccounts westeurope 1
microsoft.automation/automationaccounts/runbooks westeurope 1
microsoft.logic/workflows northcentralus 1
microsoft.managedidentity/userassignedidentities northeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups westeurope 1
microsoft.network/networkwatchers westeurope 1
microsoft.network/routetables northcentralus 3
microsoft.network/routetables southafricanorth 1
microsoft.network/virtualnetworks westeurope 1
microsoft.operationalinsights/workspaces westeurope 1
microsoft.operationsmanagement/solutions westeurope 10
microsoft.storage/storageaccounts eastus 1
   CAF - Recommended abbreviations for Azure resource types docs
   Resource details can be found in the CSV output *_ResourcesAll.csv
   Download CSV semicolon | comma
ResourceType Recommendation ResourceFriendlyName passed failed passed percentage
microsoft.automation/automationaccounts aa- Automation account 0 1 0%
microsoft.logic/workflows logic- Logic apps 1 0 100%
microsoft.managedidentity/userassignedidentities id- Managed Identity 0 1 0%
microsoft.network/networksecuritygroups nsg- Network security group (NSG) 0 2 0%
microsoft.network/networkwatchers nw- Network Watcher 0 1 0%
microsoft.network/routetables rt- Route table 0 4 0%
microsoft.network/virtualnetworks vnet- Virtual network 1 0 100%
microsoft.operationalinsights/workspaces log- Log Analytics workspace 0 1 0%
microsoft.storage/storageaccounts st, stvm Storage account, VM storage account 0 1 0%
   'Azure Orphan Resources' ARG queries and workbooks GitHub
   Resource details can be found in the CSV output *_ResourcesOrphaned.csv
   Download CSV semicolon | comma
ResourceType Resource count Intent Cost (30 days) Currency
microsoft.network/networksecuritygroups 2 misconfiguration
microsoft.network/routetables 4 misconfiguration
microsoft.resources/subscriptions/resourcegroups 2 clean up
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.automation/automationaccounts 1 True True True JobLogs, JobStreams, DscNodeStatus, AuditEvent
microsoft.automation/automationaccounts/runbooks 1 False False False
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 2 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/networkwatchers 1 False False False
microsoft.network/routetables 4 False False False
microsoft.network/virtualnetworks 1 True True True VMProtectionAlerts
microsoft.operationalinsights/workspaces 1 True True True Audit
microsoft.operationsmanagement/solutions 10 False False False
microsoft.storage/storageaccounts 1 True True False
   Managed identity 'user-assigned' vs 'system-assigned' docs
   Download CSV semicolon | comma
MI Name MI MgPath MI Subscription Name MI Subscription Id MI ResourceGroup MI ResourceId MI AAD SP objectId MI AAD SP applicationId MI count Res assignments Res Name Res Type Res MgPath Res Subscription Name Res Subscription Id Res ResourceGroup Res Id Res count assigned MIs
miCentral001 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 rg-id /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/rg-id/providers/Microsoft.ManagedIdentity/userAssignedIdentities/miCentral001 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 9059759b-7400-477d-9798-380d10e5cc96 2 ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Microsoft.Automation/automationAccounts 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 ESJH-mgmt /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourceGroups/ESJH-mgmt/providers/Microsoft.Automation/automationAccounts/ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466 1
micentral001 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 rg-id /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/rg-id/providers/microsoft.managedidentity/userassignedidentities/micentral001 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 9059759b-7400-477d-9798-380d10e5cc96 2 logic-centralServices001 Microsoft.Logic/workflows 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-platform/ESJH-management/f28ba982-5ed0-4033-9bdf-e45e4b5df466 management f28ba982-5ed0-4033-9bdf-e45e4b5df466 rg-logic /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourceGroups/rg-logic/providers/Microsoft.Logic/workflows/logic-centralServices001 1
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Automation/automationAccounts 1 Operational Excellence Monitoring Important Automation accounts should collect platform diagnostic logs Consider configuring diagnostic settings to capture platform logs from Automation accounts.
Microsoft.Automation/automationAccounts 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Automation/automationAccounts 1 Security Data protection Important Encrypt automation variables Consider encrypting all automation account variables. Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls.
Microsoft.Automation/automationAccounts 1 Security Identity and access management Awareness Use short lived web hooks An expiry time of 1 year is the default for webhook creation. Webhooks should be programmatically rotated at regular intervals - Microsoft recommends setting a shorter time than the default of 1 year. If authentication is required for a webhook consider implementing a pre-shared key in the header - or using an Azure Function.
Microsoft.Automation/automationAccounts 1 Security Identity and access management Important Use managed identity for authentication Consider configure a managed identity for each Automation Account.
Microsoft.Automation/automationAccounts 1 Security Monitor Important Audit Automation Account data access Consider configuring diagnostic settings to log access for Automation Account data.
Microsoft.Automation/automationAccounts/runbooks 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Logic/workflows 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.ManagedIdentity/userAssignedIdentities 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.ManagedIdentity/userAssignedIdentities 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/networkSecurityGroups 2 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 2 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet.
Microsoft.Network/networkSecurityGroups 2 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts.
Microsoft.Network/networkWatchers 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/routeTables 4 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/routeTables 4 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/virtualNetworks 2 Operational Excellence Repeatable infrastructure Awareness Use valid subnet names Consider using names that meet subnet naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/virtualNetworks 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/virtualNetworks 2 Reliability Availability Important Use redundant DNS servers Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced.
Microsoft.Network/virtualNetworks 1 Security Network segmentation Critical Use NSGs on subnets For virtual network subnets, ensure that a network security groups (NSGs) are assigned.
Microsoft.OperationalInsights/workspaces 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.OperationsManagement/solutions 10 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Storage/storageAccounts 1 Operational Excellence Repeatable infrastructure Awareness Use valid storage account names Consider using names that meet Storage Account naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Storage/storageAccounts 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Storage/storageAccounts 2 Reliability Data management Important Use geo-replicated storage Consider using GRS for storage accounts that contain data.
Microsoft.Storage/storageAccounts 1 Security Application endpoints Important Configure Azure Storage firewall Consider configuring storage firewall to restrict network access to permitted clients only. Also consider enforcing this setting using Azure Policy.
Microsoft.Storage/storageAccounts 1 Security Authentication Important Disallow anonymous access to blob service Consider disallowing anonymous access to storage account blobs unless specifically required. Also consider enforcing this setting using Azure Policy.
Microsoft.Storage/storageAccounts 1 Security Authentication Important Use private blob containers To provide secure access to data always use the Private access type (default). Also consider, disabling public access for the storage account.
Microsoft.Storage/storageAccounts 1 Security Encryption Critical Storage Account minimum TLS version Consider configuring the minimum supported TLS version to be 1.2. Also consider enforcing this setting using Azure Policy.
Microsoft.Storage/storageAccounts 1 Security Encryption Important Enforce encrypted Storage connections Storage accounts should only accept secure traffic. Consider only accepting encrypted connections by setting the Secure transfer required option. Also consider using Azure Policy to audit or enforce this configuration.
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH-management false false Deploy the Log Analytics in the subscription /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-log-analytics Custom Monitoring true DeployIfNotExists automationAccountName=ESJH-a-f28ba982-5ed0-4033-9bdf-e45e4b5df466, automationRegion=westeurope, retentionInDays=30, rgName=ESJH-mgmt, workspaceName=ESJH-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, workspaceRegion=westeurope Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a) Deploy-Log-Analytics (SPObjId: 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5) Deploy-Log-Analytics /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics n/a 01/10/2021 20:58:37 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 1 0 1 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 1 0 1 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 34 7 9 1 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 1 3 1 4 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
thisScope Sub false 1234_API_MG_RA_onRG_(1234_RG_CUST) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/1234_api_mg_ra_onrg_(1234_rg_cust) Custom 1234_RgRoleAssignment false aadObjectIdGroup=2aa667c2-7395-404a-8000-3f7b675680d4, aadObjectIdServicePrincipal=506ae68a-a1f7-42f7-9285-c54ef56a3006, roleDefinitionIdGroup=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c, roleDefinitionIdServicePrincipal=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9) 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 (SPObjId: 266be8b1-7aa5-466c-b0d0-8010d97473c4) /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 n/a 09/15/2021 12:33:38 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a

Policy Assignment Limit: 1/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
Create NSG Rule /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/4e7e976d-d94c-47a3-a534-392c641cecd8 CUST_NSG false Fixed: append n/a 0 0
myPipelinePolicy /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Cache false Default: Audit; Allowed: Audit,Deny n/a 0 0

0 Custom PolicySet definitions scoped

0 Blueprints assigned

0 Blueprints scoped

   Download CSV semicolon | comma
Role Identity
ServiceAdministrator its.joe.dalton@azgovviz.net
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-management Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Log-Analytics n/a 2f3b9d0b-e8eb-4197-9cdf-ca6bde5dd3e5 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/b95d2309-e3d0-5961-bef8-a3e75deca49a /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/policyassignments/deploy-log-analytics (Deploy the Log Analytics in the subscription) 01/10/2021 20:58:39 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-management Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-management/providers/microsoft.authorization/roleassignments/84fb757b-e5ed-44e1-92fa-5d2ed6fe5cd1 none 01/10/2021 20:56:58 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH-platform Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-platform/providers/microsoft.authorization/roleassignments/243cb616-b890-4197-bc2e-98b966ba39f5 none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipelineDev n/a 3a4c97c7-ae6d-4d5a-a9c7-2bb2e0127fb4 SP APP INT direct /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/dcf8128a-c871-401d-8b3a-1114552cdf25 none 10/27/2021 14:07:20 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True 1234_APA_Sub_RoleAssignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 n/a 266be8b1-7aa5-466c-b0d0-8010d97473c4 SP MI Sys direct /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/bd05d68a-7876-4d09-88c9-65c5509b64e9 /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/policyassignments/1234_apa_sub_roleassignment_f28ba982-5ed0-4033-9bdf-e45e4b5df466 (1234_API_MG_RA_onRG_(1234_RG_CUST)) 09/15/2021 12:53:08 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ra0 n/a 862a78e3-3e64-4272-a758-c987b2410718 Group direct 0 (Usr: 0, Grp: 0, SP: 0) /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/5027d9f5-dfe7-56e3-a185-5454d92ed309 none 03/16/2022 23:58:30 ObjectType: SP MI Sys, ObjectDisplayName: enforce0, ObjectSignInName: n/a, ObjectId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16
thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member direct /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/nsg/providers/microsoft.authorization/roleassignments/1fe0074e-959c-4d3e-9478-9dc99a34062a none 05/18/2021 17:59:58 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 Builtin false False e184b6792089442786621cfe n/a 71f8ba53-97da-4880-8d02-8b22176c9317 SP MI Sys direct /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/8a2c62a5-a882-4427-af78-6c7af11325fa /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe (DiagSubscriptionsDim) 06/24/2022 15:48:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

Highlight Management Group in HierarchyMap

Management Group Name: ESJH-sandboxes

Management Group Id: ESJH-sandboxes

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes

1 ManagementGroups below this scope

0 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

0 ResourceTypes (all Subscriptions below this scope)

0 ResourceTypes (1st party) Diagnostics capable (all Subscriptions below this scope)

No PSRule for Azure results

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 Joe Dalton 05/05/2021 19:52:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Mg false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 n/a 07/06/2021 09:42:48 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
thisScope Mg false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 n/a 07/06/2021 10:32:34 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
thisScope Mg false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 n/a 07/06/2021 11:59:31 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 0 0 0 0 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 4/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 07/05/2021 08:20:09 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: CUST_T5 atz

Management Group Id: CUST_T5

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-sandboxes/CUST_T5

0 ManagementGroups below this scope

0 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

0 ResourceTypes (all Subscriptions below this scope)

0 ResourceTypes (1st party) Diagnostics capable (all Subscriptions below this scope)

No PSRule for Azure results

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policyassignments/aa4f4fdfd3b04fb3962a9da9 Joe Dalton 07/15/2021 15:16:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-sandboxes false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b1 Joe Dalton 05/05/2021 19:52:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH-sandboxes false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b2 n/a 07/06/2021 09:42:48 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH-sandboxes false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA2 Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b3 n/a 07/06/2021 10:32:34 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH-sandboxes false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default 0 0 0 0 0 none APA3 Audit VMs that do not use managed disks /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/policyassignments/8d73a6aa8a0a4ea2b58de2b4 n/a 07/06/2021 11:59:31 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false false Deploy Azure Defender settings in Azure Security Center. /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-asc-standard Custom Security Center true DeployIfNotExists pricingTierAppServices=Standard, pricingTierArm=Standard, pricingTierContainerRegistry=Standard, pricingTierDns=Standard, pricingTierKeyVaults=Standard, pricingTierKubernetesService=Standard, pricingTierSqlServers=Standard, pricingTierStorageAccounts=Standard, pricingTierVms=Standard Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf) Deploy-ASC-Security (SPObjId: 4cb4c797-237b-4e64-b2cf-66f841700442) Deploy-ASC-Defender /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Deploy Diagnostic Settings for Activity Log to Log Analytics workspace /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-activitylog Custom Monitoring true DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466, logsEnabled=True Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e) Deploy-AzActivity-Log (SPObjId: 1691aa06-da2e-43f0-98f9-af12494603a9) Deploy-AzActivity-Log /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below /providers/microsoft.authorization/policydefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf) Deploy-LX-Arc-Monitoring (SPObjId: 9ed01b2b-9311-41a8-8897-0a329047be49) Deploy-Linux-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Configure Log Analytics extension on Azure Arc enabled Windows servers /providers/microsoft.authorization/policydefinitions/69af7d4a-7b18-4044-93a9-2651498ef203 BuiltIn Monitoring False DeployIfNotExists logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed) Deploy-WS-Arc-Monitoring (SPObjId: b0bdcb08-09c9-4d9d-957e-963d255e7220) Deploy-Windows-Arc-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false false Enforce Role assignment at Subscription Scope /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policydefinitions/enforce-roleassignment-subscriptionscope Custom n/a false deployIfNotExists targetAADObjectId=862a78e3-3e64-4272-a758-c987b2410718, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815) enforce0 (SPObjId: 79d69f2f-2fbe-409e-84c3-3e510c18fd16) /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 n/a 03/16/2022 23:28:22 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited ESJH false Azure Security Benchmark /providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8 BuiltIn Security Center False Default 0 0 0 0 0 none ASC-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-monitoring n/a 01/10/2021 21:00:45 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Deploy Diagnostic Settings to Azure Services /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policysetdefinitions/deploy-diag-loganalytics Custom Monitoring true logAnalytics=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc) Deploy-Resource-Diag (SPObjId: e51576ad-748d-462b-9d70-cb3b03e6c2e6) Deploy-Resource-Diag /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH false Legacy - Enable Azure Monitor for VMs /providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374) Deploy-VM-Monitoring (SPObjId: 065dde0b-5eab-4fce-80ee-ec956e94c498) Deploy-VM-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring n/a 01/10/2021 21:00:44 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149 07/09/2021 16:04:52 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited ESJH false Legacy - Enable Azure Monitor for Virtual Machine Scale Sets /providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad BuiltIn Monitoring False logAnalytics_1=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 0 0 0 0 Owner (/providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870) Deploy-VMSS-Monitoring (SPObjId: a3a4908f-b068-455e-a3f5-38cc5e00448f) Deploy-VMSS-Monitoring /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring n/a 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149

Policy Assignment Limit: 1/200

   Download CSV semicolon | comma
Policy DisplayName PolicyId Category ALZ Policy effect Role definitions Unique assignments Used in PolicySets
Public network access should be disabled for MariaDB /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deny-publicendpoint-mariadb SQL true Default: Deny; Allowed: Audit,Deny,Disabled n/a 0 0
SQL managed instances deploy a specific min TLS version requirement. /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls SQL true Default: DeployIfNotExists; Allowed: DeployIfNotExists,Disabled Owner 0 0
   Download CSV semicolon | comma
PolicySet DisplayName PolicySetId Category ALZ Unique assignments Policies Used
Deny or Audit resources without Encryption with a customer-managed key (CMK) /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk Encryption true 0 15 (Azure API for FHIR should use a customer-managed key to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/051cba44-2429-45b9-9649-46cec11c7119), Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (/providers/microsoft.authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d), [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd), PostgreSQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274), Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f), Container registries should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580), Cognitive Services accounts should enable data encryption with a customer-managed key (/providers/microsoft.authorization/policydefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d), Storage accounts should use customer-managed key for encryption (/providers/microsoft.authorization/policydefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25), Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys (/providers/microsoft.authorization/policydefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67), MySQL servers should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833), Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password (/providers/microsoft.authorization/policydefinitions/86efb160-8de7-451d-bc08-5d475b0aadae), Azure Stream Analytics jobs should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7), Azure Batch account should use customer-managed keys to encrypt data (/providers/microsoft.authorization/policydefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a), Azure Machine Learning workspaces should be encrypted with a customer-managed key (/providers/microsoft.authorization/policydefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8), Azure Synapse workspaces should use customer-managed keys to encrypt data at rest (/providers/microsoft.authorization/policydefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385))

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VM-Monitoring n/a 065dde0b-5eab-4fce-80ee-ec956e94c498 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/5d92332d-fe07-5cef-9c6b-33e5025d6374 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vm-monitoring (Legacy - Enable Azure Monitor for VMs) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-AzActivity-Log n/a 1691aa06-da2e-43f0-98f9-af12494603a9 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/e5ac6b58-4f31-5956-9082-78d97ba2453e /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-azactivity-log (Deploy Diagnostic Settings for Activity Log to Log Analytics workspace) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-ASC-Security n/a 4cb4c797-237b-4e64-b2cf-66f841700442 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/538e5329-7b5d-511f-8c05-9c7c32dab0bf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-asc-security (Deploy Azure Defender settings in Azure Security Center.) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/f8d8ca86-6fdf-4ad5-b801-5e1b3eba3171 none 01/10/2021 20:55:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True enforce0 n/a 79d69f2f-2fbe-409e-84c3-3e510c18fd16 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/b429c46d-6843-4a51-a74e-8a484de47815 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/enforce0 (Enforce Role assignment at Subscription Scope) 03/16/2022 23:57:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-LX-Arc-Monitoring n/a 9ed01b2b-9311-41a8-8897-0a329047be49 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/ddc0ff3c-a3d0-5d5b-ba19-116b6572acbf /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-lx-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Linux servers. See deprecation notice below) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-VMSS-Monitoring n/a a3a4908f-b068-455e-a3f5-38cc5e00448f SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/2d361fa3-7bd4-5234-9b12-1f54afa65870 /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-vmss-monitoring (Legacy - Enable Azure Monitor for Virtual Machine Scale Sets) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-WS-Arc-Monitoring n/a b0bdcb08-09c9-4d9d-957e-963d255e7220 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/38abf737-131b-52a2-90da-78943675bfed /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-ws-arc-monitoring (Configure Log Analytics extension on Azure Arc enabled Windows servers) 01/10/2021 21:00:50 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Deploy-Resource-Diag n/a e51576ad-748d-462b-9d70-cb3b03e6c2e6 SP MI Sys direct /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/roleassignments/45afca7b-a696-5947-a47f-960081dd1dbc /providers/microsoft.management/managementgroups/esjh/providers/microsoft.authorization/policyassignments/deploy-resource-diag (Deploy Diagnostic Settings to Azure Services) 01/10/2021 21:00:47 ObjectType: User Member, ObjectDisplayName: ESDeploymentAccount, ObjectSignInName: ESDeploymentAccount@AzGovViz.onmicrosoft.com, ObjectId: b790b1e1-6f46-488b-8c5a-708b0db9a149
inherited ESJH-sandboxes Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c5f none 01/10/2021 20:56:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited ESJH-sandboxes Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/esjh-sandboxes/providers/microsoft.authorization/roleassignments/5c852bb9-bc65-44cb-a7d7-f230589f9c11 none 07/05/2021 08:20:09 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.management/managementgroups/cust_t5/providers/microsoft.authorization/roleassignments/3c72bcce-6116-4d33-9f8a-927083beee40 none 05/18/2021 18:14:50 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: ESJHDEV

Management Group Id: ESJHDEV

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJHDEV

0 ManagementGroups below this scope

0 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

0 ResourceTypes (all Subscriptions below this scope)

0 ResourceTypes (1st party) Diagnostics capable (all Subscriptions below this scope)

No PSRule for Azure results

0 Policy assignments

0 PolicySet assignments

Policy Assignment Limit: 0/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/esjhdev/providers/microsoft.authorization/roleassignments/983c43f8-1c29-4c73-9816-b69d38226be4 none 07/06/2021 13:09:24 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: ESJHQA

Management Group Id: ESJHQA

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/ESJHQA

0 ManagementGroups below this scope

0 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

0 ResourceTypes (all Subscriptions below this scope)

0 ResourceTypes (1st party) Diagnostics capable (all Subscriptions below this scope)

No PSRule for Azure results

0 Policy assignments

0 PolicySet assignments

Policy Assignment Limit: 0/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Security Reader 39bc4728-0917-49c7-9d2c-d95423bc2eb4 Builtin false False group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group direct 0 (Usr: 0, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/e010f291-49a9-4d4b-be4d-55c6aeb164cd none 08/06/2021 09:30:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false False group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group indirect group05OneMemberGroupWithNoMembers (c57f8838-1603-4932-b3c4-9572feea9173) 1 (Usr: 0, Grp: 1, SP: 0) /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 08/06/2021 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Log Analytics Reader 73c42c96-874c-492b-b04d-ab87d138a893 Builtin false False group05OneMemberGroupWithNoMembers n/a c57f8838-1603-4932-b3c4-9572feea9173 Group direct 1 (Usr: 0, Grp: 1, SP: 0) /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/fe935a9c-928f-4dec-aafb-54ecc2642cf3 none 08/06/2021 09:30:52 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/esjhqa/providers/microsoft.authorization/roleassignments/9f1fe9df-5a9c-46ca-b881-154ecd19eaa7 none 07/06/2021 10:02:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: test01

Management Group Id: test01

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/test01

2 ManagementGroups below this scope

1 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: 28.57 Video , Blog , docs

No Management Group Diagnostic settings docs

   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Security/pricings Advanced Threat Protection 1 0.01 EUR 1
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.logic/workflows westeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups southafricanorth 1
microsoft.network/networksecuritygroups westeurope 3
microsoft.network/routetables westeurope 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 5 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/routetables 1 False False False
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Logic/workflows 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 5 1 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 5 1 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 4 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 5 1 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 5 1 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/routeTables 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Mg false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Mg false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Mg false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Mg false false My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Mg false false myPipelinePolicy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1

0 PolicySet assignments

Policy Assignment Limit: 5/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
thisScope MG Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
thisScope MG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: test01-APAC

Management Group Id: test01-APAC_ID

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-APAC_ID

0 ManagementGroups below this scope

0 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: n/a Video , Blog , docs

No Management Group Diagnostic settings docs

No Consumption data available for Subscriptions under this ManagementGroup

0 ResourceTypes (all Subscriptions below this scope)

0 ResourceTypes (1st party) Diagnostics capable (all Subscriptions below this scope)

No PSRule for Azure results

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 0 0 0 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false myPipelinePolicy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1

0 PolicySet assignments

Policy Assignment Limit: 0/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited test01 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01-apac_id/providers/microsoft.authorization/roleassignments/d53a075b-ed91-4ece-b9e4-86c5a57d50bf none 01/31/2022 05:19:20 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)

0 Subscriptions linked

Highlight Management Group in HierarchyMap

Management Group Name: test01-EMEA

Management Group Id: test01-EMEA_ID

Management Group Path: 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID

0 ManagementGroups below this scope

1 Subscriptions below this scope

Microsoft Defender for Cloud Secure Score: 28.57 Video , Blog , docs

No Management Group Diagnostic settings docs

   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency Subscriptions
Usage Microsoft.Security/pricings Advanced Threat Protection 1 0.01 EUR 1
   Download CSV semicolon | comma
ResourceType Location Count
microsoft.logic/workflows westeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups southafricanorth 1
microsoft.network/networksecuritygroups westeurope 3
microsoft.network/routetables westeurope 1
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 5 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/routetables 1 False False False
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Subscription Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Logic/workflows 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.ManagedIdentity/userAssignedIdentities 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 5 1 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added. Pass
Microsoft.Network/networkSecurityGroups 5 1 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/networkSecurityGroups 4 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
Microsoft.Network/networkSecurityGroups 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Pass
Microsoft.Network/networkSecurityGroups 5 1 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet. Pass
Microsoft.Network/networkSecurityGroups 5 1 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts. Fail
Microsoft.Network/routeTables 1 1 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention. Pass
Microsoft.Network/routeTables 1 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags. Fail
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false myPipelinePolicy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1

0 PolicySet assignments

Policy Assignment Limit: 0/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints scoped

   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited test01 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope MG Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 none 12/31/2021 09:59:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
payg0 (a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2)

Highlight Subscription in HierarchyMap

Subscription Name: payg0

Subscription Id: a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2

Subscription Path: 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2

State: Enabled

QuotaId: PayAsYouGo_2014-09-01

Microsoft Defender for Cloud Secure Score: 4 of 14 points Video , Blog , docs

   Using deprecated plan 'Container registries' docs
   Using deprecated plan 'Kubernetes' docs
   Download CSV semicolon | comma
Plan Tier
AppServices Standard
Arm Standard
CloudPosture Free
ContainerRegistry Standard
Containers Free
CosmosDbs Free
Dns Standard
KeyVaults Standard
KubernetesService Standard
OpenSourceRelationalDatabases Free
SqlServers Standard
SqlServerVirtualMachines Free
StorageAccounts Standard
VirtualMachines Standard
   Download CSV semicolon | comma
Diagnostic setting Target Target Id Administrative Alert Autoscale Policy Recommendation ResourceHealth Security ServiceHealth
SendToGovernanceLAW LA /subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 true true false false false false false true
   Download CSV semicolon | comma
Tag Name Tag Value
responsible Jack Dalton jdalton
   Resource naming and tagging decision guide docs
   Download CSV semicolon | comma
Scope TagName Count
Resource costCenter 1
Subscription responsible 1
   Download CSV semicolon | comma
ChargeType ResourceType Category ResourceCount Cost (30d) Currency
Usage Microsoft.Security/pricings Advanced Threat Protection 1 0.01 EUR

7 Resource Groups | Limit: (7/980)

   Download CSV semicolon | comma
Provider State
Microsoft.Security Registered
Microsoft.GuestConfiguration Registered
Microsoft.PolicyInsights Registered
Microsoft.ManagedServices Registered
Microsoft.ContainerInstance Registered
Microsoft.ContainerRegistry Registered
Microsoft.ContainerService Registered
Microsoft.Marketplace Registered
Microsoft.AppAssessment Registered
Microsoft.AppConfiguration Registered
Microsoft.AppPlatform Registered
Microsoft.CustomProviders Registered
Microsoft.ProviderHub Registered
Microsoft.MarketplaceNotifications Registered
Microsoft.Network Registered
Microsoft.Advisor Registered
Microsoft.Logic Registered
Microsoft.Web Registered
Microsoft.ManagedIdentity Registered
Dell.Storage NotRegistered
Dynatrace.Observability NotRegistered
Microsoft.AAD NotRegistered
microsoft.aadiam NotRegistered
Microsoft.Addons NotRegistered
Microsoft.ADHybridHealthService Registered
Microsoft.AgFoodPlatform NotRegistered
Microsoft.AlertsManagement NotRegistered
Microsoft.AnalysisServices NotRegistered
Microsoft.AnyBuild NotRegistered
Microsoft.ApiManagement NotRegistered
Microsoft.ApiSecurity NotRegistered
Microsoft.App NotRegistered
Microsoft.AppComplianceAutomation NotRegistered
Microsoft.Attestation NotRegistered
Microsoft.Authorization Registered
Microsoft.Automanage NotRegistered
Microsoft.Automation NotRegistered
Microsoft.AutonomousDevelopmentPlatform NotRegistered
Microsoft.AutonomousSystems NotRegistered
Microsoft.AVS NotRegistered
Microsoft.AzureActiveDirectory NotRegistered
Microsoft.AzureArcData NotRegistered
Microsoft.AzureCIS NotRegistered
Microsoft.AzureData NotRegistered
Microsoft.AzurePercept NotRegistered
Microsoft.AzureScan NotRegistered
Microsoft.AzureSphere NotRegistered
Microsoft.AzureSphereGen2 NotRegistered
Microsoft.AzureSphereV2 NotRegistered
Microsoft.AzureStack NotRegistered
Microsoft.AzureStackHCI NotRegistered
Microsoft.BackupSolutions NotRegistered
Microsoft.BareMetalInfrastructure NotRegistered
Microsoft.Batch NotRegistered
Microsoft.Billing Registered
Microsoft.BillingBenefits NotRegistered
Microsoft.Bing NotRegistered
Microsoft.BlockchainTokens NotRegistered
Microsoft.Blueprint NotRegistered
Microsoft.BotService NotRegistered
Microsoft.Cache NotRegistered
Microsoft.Capacity NotRegistered
Microsoft.Cascade NotRegistered
Microsoft.Cdn NotRegistered
Microsoft.CertificateRegistration NotRegistered
Microsoft.ChangeAnalysis NotRegistered
Microsoft.Chaos NotRegistered
Microsoft.ClassicCompute NotRegistered
Microsoft.ClassicInfrastructureMigrate NotRegistered
Microsoft.ClassicNetwork NotRegistered
Microsoft.ClassicStorage NotRegistered
Microsoft.ClassicSubscription Registered
Microsoft.CloudTest NotRegistered
Microsoft.CodeSigning NotRegistered
Microsoft.Codespaces NotRegistered
Microsoft.CognitiveServices NotRegistered
Microsoft.Commerce Registered
Microsoft.Communication NotRegistered
Microsoft.Compute NotRegistered
Microsoft.ConfidentialLedger NotRegistered
Microsoft.Confluent NotRegistered
Microsoft.ConnectedCache NotRegistered
microsoft.connectedopenstack NotRegistered
Microsoft.ConnectedVehicle NotRegistered
Microsoft.ConnectedVMwarevSphere NotRegistered
Microsoft.Consumption Registered
Microsoft.CostManagement Registered
Microsoft.CostManagementExports NotRegistered
Microsoft.CustomerLockbox NotRegistered
Microsoft.D365CustomerInsights NotRegistered
Microsoft.Dashboard NotRegistered
Microsoft.DataBox NotRegistered
Microsoft.DataBoxEdge NotRegistered
Microsoft.Databricks NotRegistered
Microsoft.DataCatalog NotRegistered
Microsoft.DataCollaboration NotRegistered
Microsoft.Datadog NotRegistered
Microsoft.DataFactory NotRegistered
Microsoft.DataLakeAnalytics NotRegistered
Microsoft.DataLakeStore NotRegistered
Microsoft.DataMigration NotRegistered
Microsoft.DataProtection NotRegistered
Microsoft.DataReplication NotRegistered
Microsoft.DataShare NotRegistered
Microsoft.DBforMariaDB NotRegistered
Microsoft.DBforMySQL NotRegistered
Microsoft.DBforPostgreSQL NotRegistered
Microsoft.DelegatedNetwork NotRegistered
Microsoft.DeploymentManager NotRegistered
Microsoft.DesktopVirtualization NotRegistered
Microsoft.DevAI NotRegistered
Microsoft.DevCenter NotRegistered
Microsoft.DevHub NotRegistered
Microsoft.Devices NotRegistered
Microsoft.DeviceUpdate NotRegistered
Microsoft.DevOps NotRegistered
Microsoft.DevTestLab NotRegistered
Microsoft.DigitalTwins NotRegistered
Microsoft.DocumentDB NotRegistered
Microsoft.DomainRegistration NotRegistered
Microsoft.Easm NotRegistered
Microsoft.EdgeOrder NotRegistered
Microsoft.EdgeZones NotRegistered
Microsoft.Elastic NotRegistered
Microsoft.ElasticSan NotRegistered
Microsoft.EventGrid NotRegistered
Microsoft.EventHub NotRegistered
Microsoft.ExtendedLocation NotRegistered
Microsoft.Falcon NotRegistered
Microsoft.Features Registered
Microsoft.Fidalgo NotRegistered
Microsoft.FluidRelay NotRegistered
Microsoft.HanaOnAzure NotRegistered
Microsoft.HardwareSecurityModules NotRegistered
Microsoft.HDInsight NotRegistered
Microsoft.HealthBot NotRegistered
Microsoft.HealthcareApis NotRegistered
Microsoft.HpcWorkbench NotRegistered
Microsoft.HybridCompute NotRegistered
Microsoft.HybridConnectivity NotRegistered
Microsoft.HybridContainerService NotRegistered
Microsoft.HybridData NotRegistered
Microsoft.HybridNetwork NotRegistered
Microsoft.ImportExport NotRegistered
microsoft.insights NotRegistered
Microsoft.IntelligentITDigitalTwin NotRegistered
Microsoft.IoTCentral NotRegistered
Microsoft.IoTFirmwareDefense NotRegistered
Microsoft.IoTSecurity NotRegistered
Microsoft.KeyVault NotRegistered
Microsoft.Kubernetes NotRegistered
Microsoft.KubernetesConfiguration NotRegistered
Microsoft.Kusto NotRegistered
Microsoft.LabServices NotRegistered
Microsoft.LoadTestService NotRegistered
Microsoft.Logz NotRegistered
Microsoft.MachineLearning NotRegistered
Microsoft.MachineLearningServices NotRegistered
Microsoft.Maintenance NotRegistered
Microsoft.ManagedNetworkFabric NotRegistered
Microsoft.Management NotRegistered
Microsoft.Maps NotRegistered
Microsoft.MarketplaceOrdering Registered
Microsoft.Media NotRegistered
Microsoft.Migrate NotRegistered
Microsoft.MixedReality NotRegistered
Microsoft.MobileNetwork NotRegistered
Microsoft.Monitor NotRegistered
Microsoft.NetApp NotRegistered
Microsoft.NetworkAnalytics NotRegistered
Microsoft.NetworkCloud NotRegistered
Microsoft.NetworkFunction NotRegistered
Microsoft.NotificationHubs NotRegistered
Microsoft.ObjectStore NotRegistered
Microsoft.OffAzure NotRegistered
Microsoft.OpenEnergyPlatform NotRegistered
Microsoft.OpenLogisticsPlatform NotRegistered
Microsoft.OperationalInsights NotRegistered
Microsoft.OperationsManagement NotRegistered
Microsoft.Orbital NotRegistered
Microsoft.Peering NotRegistered
Microsoft.Pki NotRegistered
Microsoft.PlayFab NotRegistered
Microsoft.Portal Registered
Microsoft.PowerBI NotRegistered
Microsoft.PowerBIDedicated NotRegistered
Microsoft.PowerPlatform NotRegistered
Microsoft.Purview NotRegistered
Microsoft.Quantum NotRegistered
Microsoft.Quota NotRegistered
Microsoft.RecommendationsService NotRegistered
Microsoft.RecoveryServices NotRegistered
Microsoft.RedHatOpenShift NotRegistered
Microsoft.Relay NotRegistered
Microsoft.ResourceConnector NotRegistered
Microsoft.ResourceGraph Registered
Microsoft.ResourceHealth NotRegistered
Microsoft.Resources Registered
Microsoft.SaaS NotRegistered
Microsoft.Scom NotRegistered
Microsoft.ScVmm NotRegistered
Microsoft.Search NotRegistered
Microsoft.SecurityDetonation NotRegistered
Microsoft.SecurityDevOps NotRegistered
Microsoft.SecurityInsights NotRegistered
Microsoft.SerialConsole Registered
Microsoft.ServiceBus NotRegistered
Microsoft.ServiceFabric NotRegistered
Microsoft.ServiceFabricMesh NotRegistered
Microsoft.ServiceLinker NotRegistered
Microsoft.ServicesHub NotRegistered
Microsoft.SignalRService NotRegistered
Microsoft.Singularity NotRegistered
Microsoft.SoftwarePlan NotRegistered
Microsoft.Solutions NotRegistered
Microsoft.Sql NotRegistered
Microsoft.SqlVirtualMachine NotRegistered
Microsoft.Storage NotRegistered
Microsoft.StorageCache NotRegistered
Microsoft.StorageMover NotRegistered
Microsoft.StoragePool NotRegistered
Microsoft.StorageSync NotRegistered
Microsoft.StorSimple NotRegistered
Microsoft.StreamAnalytics NotRegistered
Microsoft.Subscription NotRegistered
microsoft.support Registered
Microsoft.Synapse NotRegistered
microsoft.syntex NotRegistered
Microsoft.TestBase NotRegistered
Microsoft.TimeSeriesInsights NotRegistered
Microsoft.VideoIndexer NotRegistered
Microsoft.VirtualMachineImages NotRegistered
microsoft.visualstudio NotRegistered
Microsoft.VMware NotRegistered
Microsoft.VMwareCloudSimple NotRegistered
Microsoft.VSOnline NotRegistered
Microsoft.WindowsESU NotRegistered
Microsoft.WindowsIoT NotRegistered
Microsoft.WorkloadBuilder NotRegistered
Microsoft.WorkloadMonitor NotRegistered
Microsoft.Workloads NotRegistered
NewRelic.Observability NotRegistered
NGINX.NGINXPLUS NotRegistered
PaloAltoNetworks.Cloudngfw NotRegistered
Qumulo.QaaS NotRegistered
Wandisco.Fusion NotRegistered
   Set up preview features in Azure subscription docs
Feature
Microsoft.Network/AllowPrivateEndpointNSG

0 Resource Locks docs

   Download CSV semicolon | comma
ResourceType Location Count
microsoft.logic/workflows westeurope 1
microsoft.managedidentity/userassignedidentities westeurope 1
microsoft.network/networksecuritygroups northeurope 1
microsoft.network/networksecuritygroups southafricanorth 1
microsoft.network/networksecuritygroups westeurope 3
microsoft.network/routetables westeurope 1
   CAF - Recommended abbreviations for Azure resource types docs
   Resource details can be found in the CSV output *_ResourcesAll.csv
   Download CSV semicolon | comma
ResourceType Recommendation ResourceFriendlyName passed failed passed percentage
microsoft.logic/workflows logic- Logic apps 1 0 100%
microsoft.managedidentity/userassignedidentities id- Managed Identity 0 1 0%
microsoft.network/networksecuritygroups nsg- Network security group (NSG) 0 5 0%
microsoft.network/routetables rt- Route table 0 1 0%
   'Azure Orphan Resources' ARG queries and workbooks GitHub
   Resource details can be found in the CSV output *_ResourcesOrphaned.csv
   Download CSV semicolon | comma
ResourceType Resource count Intent Cost (30 days) Currency
microsoft.network/networksecuritygroups 5 misconfiguration
microsoft.network/routetables 1 misconfiguration
microsoft.resources/subscriptions/resourcegroups 2 clean up
   Download CSV semicolon | comma
ResourceType Resource Count Diagnostics capable Metrics Logs LogCategories
microsoft.logic/workflows 1 True True True WorkflowRuntime
microsoft.managedidentity/userassignedidentities 1 False False False
microsoft.network/networksecuritygroups 5 True False True NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter
microsoft.network/routetables 1 False False False
   Managed identity 'user-assigned' vs 'system-assigned' docs
   Download CSV semicolon | comma
MI Name MI MgPath MI Subscription Name MI Subscription Id MI ResourceGroup MI ResourceId MI AAD SP objectId MI AAD SP applicationId MI count Res assignments Res Name Res Type Res MgPath Res Subscription Name Res Subscription Id Res ResourceGroup Res Id Res count assigned MIs
mi4439 896470ca-9c6e-4176-9b38-5a655403c638/test01/test01-EMEA_ID/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 payg0 a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2 mi /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/mi/providers/microsoft.managedidentity/userassignedidentities/mi4439 4b8bce68-e5f3-47d9-9420-66187e697c64 208163d8-f6f1-4726-b777-bd97d6efe6ec 1 logic-prj0765 Microsoft.Logic/workflows 896470ca-9c6e-4176-9b38-5a655403c638/ESJH/ESJH-landingzones/ESJH-online/4dfa3b56-55bf-4059-802a-24e44a4fb60f landingZone 4dfa3b56-55bf-4059-802a-24e44a4fb60f rg-logic /subscriptions/4dfa3b56-55bf-4059-802a-24e44a4fb60f/resourceGroups/rg-logic/providers/Microsoft.Logic/workflows/logic-prj0765 1
   Learn about PSRule for Azure
   Download CSV semicolon | comma
Resource Type Resource Count Pillar Category Severity Rule Recommendation lnk State
Microsoft.Logic/workflows 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.ManagedIdentity/userAssignedIdentities 1 Operational Excellence Repeatable infrastructure Awareness Use valid Managed Identity names Consider using names that meet Managed Identity naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.ManagedIdentity/userAssignedIdentities 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 5 Operational Excellence Configuration Important Avoid denying all inbound traffic Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added.
Microsoft.Network/networkSecurityGroups 5 Operational Excellence Repeatable infrastructure Awareness Use valid NSG names Consider using names that meet Network Security Group naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/networkSecurityGroups 4 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
Microsoft.Network/networkSecurityGroups 5 Security Network security and containment Critical Avoid rules that allow any inbound source Consider updating inbound rules to use a specified source such as an IP range or service tag. If inbound access from Internet-based sources is intended, consider using the service tag Internet.
Microsoft.Network/networkSecurityGroups 5 Security Network Segmentation Important Limit lateral traversal within subnets Consider configuring NSGs rules to block common outbound management traffic from non-management hosts.
Microsoft.Network/routeTables 1 Operational Excellence Repeatable infrastructure Awareness Use valid Route table names Consider using names that meet Route table naming requirements. Additionally consider naming resources with a standard naming convention.
Microsoft.Network/routeTables 1 Operational Excellence Tagging and resource naming Awareness Use resource tags Consider tagging resources using a standard convention. Identify mandatory and optional tags then tag all resources and resource groups using this standard. Also consider using Azure Policy to enforce mandatory tags.
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Inheritance ScopeExcluded Exemption applies Policy DisplayName PolicyId Type Category ALZ Effect Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be) 1b5ac3236f0246ef83a14435 (SPObjId: 04b9b3f5-86a7-48cf-85fd-cce9468568db) 1234_APA_MG_RA_onSubReader /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 Joe Dalton 03/10/2022 15:03:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a) 5f9ec45db52f479e940fc150 (SPObjId: 84a55248-e141-4ea6-b6ad-23791f5e8980) 1234_APA_MG_RA_onSubOwner /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 Joe Dalton 03/10/2022 13:32:29 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false 1234_AP_MG_RA_onSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/42672afc-0fc0-4dea-9f1d-95dcd2f9a21c Custom n/a false deployIfNotExists targetRoledefinitionId=b24988ac-6180-42a0-ab88-20f7382dd24c Default 0 1 0 1 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054) a2d9426ccece4000b889c72f (SPObjId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7) 1234_APA_MG_RA_onSubContr /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f Joe Dalton 03/10/2022 13:33:42 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/cedae647-a6f4-4c91-bc48-e411d86f335a Custom RBAC false deployIfNotExists targetAADObjectId=c57f8838-1603-4932-b3c4-9572feea9173, targetRoledefinitionId=acdd72a7-3385-48ef-bd42-f606fba81ae7 Default 1 0 1 0 0 1234 RoleAssignmentSubscriptionOwner (/providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3) abe0212187e243e89ce5a623 (SPObjId: 41d30710-9d12-4361-ad69-ad313b2c427c) My_AP_MG_raOnSub /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 Joe Dalton 03/11/2022 07:44:46 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 03/11/2022 08:14:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 false false myPipelinePolicy /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/new pipeline policy 3 Custom Cache false Audit effect=Audit Default 0 0 0 0 0 none assmgtest01 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/assmgtest01 n/a 10/27/2021 14:40:15 ObjectType: SP APP INT, ObjectDisplayName: PolicyPipeline, ObjectSignInName: n/a, ObjectId: 90003bac-487c-4351-ad41-ed1f9e0446c1
thisScope Sub false false Audit VMs that do not use managed disks /providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d BuiltIn Compute False audit Default VM should have a managed disk 0 0 0 0 0 none Audit VMs that do not use managed disks /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/988739f361d84a989dfa087e n/a 12/31/2021 10:03:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a 12/31/2021 10:36:38 ObjectType: SP APP INT, ObjectDisplayName: AzOps, ObjectSignInName: n/a, ObjectId: c295384a-33d9-475e-abaf-d2fb0274299a
thisScope Sub false false DiagSubscriptionsDim /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/policydefinitions/68b79a92-8932-4f15-88a6-0ed2675fa157 Custom n/a false DeployIfNotExists Alert=False, Autoscale=False, Policy=False, Recommendation=False, ResourceHealth=False, ServiceHealth=False, workspaceId=/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466 Default 0 1 0 1 0 Log Analytics Contributor (/subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b), Log Analytics Contributor (/subscriptions/f28ba982-5ed0-4033-9bdf-e45e4b5df466/resourcegroups/esjh-mgmt/providers/microsoft.operationalinsights/workspaces/esjh-la-f28ba982-5ed0-4033-9bdf-e45e4b5df466/providers/microsoft.authorization/roleassignments/8a2c62a5-a882-4427-af78-6c7af11325fa) e184b6792089442786621cfe (SPObjId: 71f8ba53-97da-4880-8d02-8b22176c9317) DiagSubscriptionsDim /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe Joe Dalton 06/24/2022 15:46:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG false false Flow logs should be enabled for every network security group /providers/microsoft.authorization/policydefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be BuiltIn Network False Audit Default flow logs should be enabled 0 0 0 0 0 none Flow logs should be enabled for every network security group /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/prod_p1/providers/microsoft.authorization/policyassignments/f43bb064dd1e4745814be533 Joe Dalton 12/31/2021 13:58:35 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
   Download CSV semicolon | comma
Inheritance ScopeExcluded PolicySet DisplayName PolicySetId Type Category ALZ Parameters Enforcement NonCompliance Message Policies NonCmplnt Policies Compliant Resources NonCmplnt Resources Compliant Resources Conflicting Role/Assignment Managed Identity Assignment DisplayName AssignmentId AssignedBy CreatedOn CreatedBy UpdatedOn UpdatedBy
thisScope Sub false Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances /providers/microsoft.authorization/policysetdefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 BuiltIn Security Center False Default 0 0 0 0 0 none ASC DataProtection (subscription: a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/dataprotectionsecuritycenter Security Center 11/04/2021 06:36:03 ObjectType: SP App EXT, ObjectDisplayName: Windows Azure Security Resource Provider, ObjectSignInName: n/a, ObjectId: 9ac4e379-ffb1-4e2c-ac89-3752d019abfd (rp)

Policy Assignment Limit: 4/200

0 Custom Policy definitions scoped

0 Custom PolicySet definitions scoped

0 Blueprints assigned

0 Blueprints scoped

   Download CSV semicolon | comma
Role Identity
ServiceAdministrator its.joe.dalton@azgovviz.net
   Download CSV semicolon | comma
  *Depending on the number of rows and your computerĀ“s performance the table may respond with delay, download the csv for better filtering experience
Scope Role RoleId Role Type Data Can do Role assignment Identity Displayname Identity SignInName Identity ObjectId Identity Type Applicability Applies through membership Group Details Role AssignmentId Related Policy Assignment CreatedOn CreatedBy
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Resource Policy Contributor 36243c78-bf99-498c-9df9-86d9f8d28608 Builtin false False PolicyPipeline n/a 90003bac-487c-4351-ad41-ed1f9e0446c1 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/132f37b3-0aca-4e26-b71b-bcdde7a981ea none 10/27/2021 11:18:15 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True AzOps n/a c295384a-33d9-475e-abaf-d2fb0274299a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/30e36b53-bc6c-412b-a026-96fe7527e27b none 07/06/2021 12:42:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/eda95ae6-8581-4558-b3b9-b3cd05cce33d none 06/16/2021 13:58:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizSPARK n/a 527c7ca6-7a74-4b5d-bde2-7465ebb9915a SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/78ff5f82-18d1-4cb8-be40-cb046f39e5ac none 02/15/2022 14:42:34 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzAdServicePrincipalInsights n/a 59acc082-8e28-485e-8897-d2a17e03ed50 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c6b7a239-63bf-48a6-921e-aa0e1628a702 none 09/28/2021 06:26:08 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False miCentral001 n/a 619f894b-1c1b-4f43-8e7f-9e4d32ffefe1 SP MI Usr direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11f78fac-cce2-4278-9364-f84c3c43ae04 none 01/07/2022 16:52:53 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False n/a n/a 638032a0-ff4a-462f-a53b-b99c4cf82964 Unknown direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/5160c1ae-ab7b-41ac-b57c-a4f618aaf8b8 none 02/15/2022 12:56:13 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizADO n/a 8a2f188e-5b60-45f1-b0c6-12cd0e59576e SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/11337883-af36-4131-a7c3-8dd5ce47b4eb none 05/19/2022 15:36:50 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Joe Dalton julian.hayward_yahoo.de#EXT#@AzGovViz.onmicrosoft.com 9ef38e0f-5e7b-4ac5-8b0c-3635ac3c7ff4 User Guest direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/0c4b9ba3-fc34-448e-beb0-d4baa7037562 none 09/24/2022 06:23:37 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/2df03e9d-a1e3-41f5-a95e-efb2b4641f04 none 07/19/2021 19:38:25 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgovvizwwcsecurity n/a e261446e-77d2-4cf5-a32a-0fbef8ee1333 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/d7973c31-e58a-4af7-bbcb-a4bac69ba141 none 04/27/2021 16:53:55 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False AzGovVizAzDO n/a efc7b786-0bc9-4d41-aacd-6a54d16f7229 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/c886cc3a-0d4c-45b6-af8b-fbfc4f8a4c06 none 05/21/2022 06:31:10 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited 896470ca-9c6e-4176-9b38-5a655403c638 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False azgvzGH n/a f20c11bb-119b-4914-abaa-99df52ef4f09 SP APP INT direct /providers/microsoft.management/managementgroups/896470ca-9c6e-4176-9b38-5a655403c638/providers/microsoft.authorization/roleassignments/7a09194c-13ca-4647-bb5e-da538b45f5e0 none 01/15/2022 16:26:49 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.authorization/roleassignments/0c3ffd6f-942d-433d-8abd-2d0d7f4383e1 none 01/10/2021 20:27:23 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited Tenant Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True ESDeploymentAccount ESDeploymentAccount@AzGovViz.onmicrosoft.com b790b1e1-6f46-488b-8c5a-708b0db9a149 User Member direct /providers/microsoft.authorization/roleassignments/6c236776-529f-4132-b034-e399e1cd1a99 none 01/10/2021 20:51:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 User Access Administrator 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 Builtin false True MS-PIM n/a f70514be-80e6-46e8-b985-ce72f5ee8e09 SP APP EXT direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a4638306-2a51-41b7-bb64-2d5297a04046 none 04/27/2022 21:29:11 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True n/a n/a 604ec94a-0860-478f-bc42-a2b599f1a505 Unknown direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/4cb5ad0a-366c-4dbd-804c-b4dce349e47f none 03/09/2022 16:37:12 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/a743ba10-46f5-4f1a-9d45-717d0c307c67 none 10/27/2021 14:29:28 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
inherited test01 Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False Calamity Jane Calamity_Jane_AzGovViz.net#EXT#@AzGovViz.onmicrosoft.com 43b0f5e7-cb78-4e1a-b3da-1239647dfb74 User Guest direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/45462efa-a1a1-42b6-8d51-566171d6835a none 04/27/2022 21:30:12 ObjectType: SP APP EXT, ObjectDisplayName: MS-PIM, ObjectSignInName: n/a, ObjectId: f70514be-80e6-46e8-b985-ce72f5ee8e09
inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ecf57eea-35ef-4c1f-88af-d1480b3c05eb none 03/10/2022 08:09:07 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 1b5ac3236f0246ef83a14435 n/a 04b9b3f5-86a7-48cf-85fd-cce9468568db SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/ac53ad94-7450-4fc1-bc27-fd42de78a1be /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/1b5ac3236f0246ef83a14435 (1234_AP_MG_RA_onSub) 03/10/2022 15:03:14 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True a2d9426ccece4000b889c72f n/a 405b7ca3-fe93-4dfa-b70a-837eef12bfe7 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e781054 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/a2d9426ccece4000b889c72f (1234_AP_MG_RA_onSub) 03/10/2022 13:33:47 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True abe0212187e243e89ce5a623 n/a 41d30710-9d12-4361-ad69-ad313b2c427c SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3a86f501-86d7-44ea-83fb-6971a44ed3b3 /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/abe0212187e243e89ce5a623 (My_AP_MG_raOnSub) 03/11/2022 07:44:51 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01 1234 RoleAssignmentSubscriptionOwner 1ee892e0-67a1-4b4c-b171-8c3a371692a9 Custom false True 5f9ec45db52f479e940fc150 n/a 84a55248-e141-4ea6-b6ad-23791f5e8980 SP MI Sys direct /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/roleassignments/3d2ad3f2-61bf-40b1-9ae5-ce752e78104a /providers/microsoft.management/managementgroups/test01/providers/microsoft.authorization/policyassignments/5f9ec45db52f479e940fc150 (1234_AP_MG_RA_onSub) 03/10/2022 13:32:32 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
inherited test01-EMEA_ID Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Joe Dalton joe.dalton@AzGovViz.onmicrosoft.com acf4c68f-7b15-4d70-935b-26116fc2426a User Member direct /providers/microsoft.management/managementgroups/test01-emea_id/providers/microsoft.authorization/roleassignments/b3e7a86e-9057-45d0-b7da-004932703b32 none 12/31/2021 09:59:27 ObjectType: SP App EXT, ObjectDisplayName: Azure Management Groups, ObjectSignInName: n/a, ObjectId: 4870c99c-acfe-4210-9212-32949dc37c7a (r)
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd none 03/10/2022 18:47:54 ObjectType: SP MI Sys, ObjectDisplayName: 5f9ec45db52f479e940fc150, ObjectSignInName: n/a, ObjectId: 84a55248-e141-4ea6-b6ad-23791f5e8980
thisScope Sub Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 Builtin false True Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/970054de-6c25-5393-afcd-bef8453a50fd none 03/10/2022 18:47:54 ObjectType: SP MI Sys, ObjectDisplayName: 5f9ec45db52f479e940fc150, ObjectSignInName: n/a, ObjectId: 84a55248-e141-4ea6-b6ad-23791f5e8980
thisScope Sub Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 Builtin false False e184b6792089442786621cfe n/a 71f8ba53-97da-4880-8d02-8b22176c9317 SP MI Sys direct /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/a11b5e6d-bb3d-43ea-8009-733bc510f16b /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/policyassignments/e184b6792089442786621cfe (DiagSubscriptionsDim) 06/24/2022 15:46:27 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user00 user00@AzGovViz.onmicrosoft.com 05687e51-8ebb-4a06-9eae-9e9786f79090 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False mi4439 n/a 4b8bce68-e5f3-47d9-9420-66187e697c64 SP MI Usr direct /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/76c168f5-9ca6-4e1f-bc44-f7cf435a9e12 none 01/08/2022 16:38:03 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group04NoMembers n/a 5f90ced2-7d5e-493b-9db6-862b9332e20a Group direct 0 (Usr: 0, Grp: 0, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/d13dccbe-d20e-46c5-9459-fbff922e2b22 none 03/11/2022 07:33:21 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group01 n/a 66f4e0b3-13af-4c93-ad43-67042ed760e5 Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user01 user01@AzGovViz.onmicrosoft.com 7dd8e665-9277-4bbb-94f9-ff278ceff8c0 User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group02 n/a 903a7f87-c183-4962-8983-c793a77f18bf Group indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False group00 n/a c1916fdd-08d8-439e-a329-d540c6f002a8 Group direct 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user03 user03@AzGovViz.onmicrosoft.com c472fa07-5319-4f5f-8bcd-00d4162bb8fd User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Reader acdd72a7-3385-48ef-bd42-f606fba81ae7 Builtin false False user02 user02@AzGovViz.onmicrosoft.com cb317eea-8af2-4cb8-bde5-516e0b951f1b User Member indirect group00 (c1916fdd-08d8-439e-a329-d540c6f002a8) 6 (Usr: 4, Grp: 2, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/4509c4d8-390c-519a-b7d4-4b2764c58986 none 03/11/2022 07:52:51 ObjectType: SP MI Sys, ObjectDisplayName: abe0212187e243e89ce5a623, ObjectSignInName: n/a, ObjectId: 41d30710-9d12-4361-ad69-ad313b2c427c
thisScope Sub Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False 1234-SubOwner n/a 7d6d814f-5955-4ec8-ae38-f5211298aa2f Group direct 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/9e637076-9509-527b-bd3f-0e6f82553205 none 03/10/2022 13:52:48 ObjectType: SP MI Sys, ObjectDisplayName: a2d9426ccece4000b889c72f, ObjectSignInName: n/a, ObjectId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7
thisScope Sub Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False Jack Dalton JackDalton@AzGovViz.onmicrosoft.com c64d2776-a210-428f-b54f-a4a5dd7f8ef8 User Member indirect 1234-SubOwner (7d6d814f-5955-4ec8-ae38-f5211298aa2f) 1 (Usr: 1, Grp: 0, SP: 0) /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/providers/microsoft.authorization/roleassignments/9e637076-9509-527b-bd3f-0e6f82553205 none 03/10/2022 13:52:48 ObjectType: SP MI Sys, ObjectDisplayName: a2d9426ccece4000b889c72f, ObjectSignInName: n/a, ObjectId: 405b7ca3-fe93-4dfa-b70a-837eef12bfe7
thisScope Sub RG Contributor b24988ac-6180-42a0-ab88-20f7382dd24c Builtin false False William Dalton william.dalton@AzGovViz.onmicrosoft.com 3c99d2bc-12b3-4f4f-87a6-c673aed4628c User Member direct /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/dev_p1/providers/microsoft.authorization/roleassignments/c2c51f92-01fe-4a69-b508-1ec383a595f1 none 12/31/2021 13:54:48 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a
thisScope Sub RG Res Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7 Builtin false False William Dalton william.dalton@AzGovViz.onmicrosoft.com 3c99d2bc-12b3-4f4f-87a6-c673aed4628c User Member direct /subscriptions/a5a8a7d5-77f4-4389-8ee9-2f2a3aca06f2/resourcegroups/prod_p1/providers/microsoft.network/networksecuritygroups/nsgx_p1/providers/microsoft.authorization/roleassignments/b7794256-353c-4e73-89d1-d300ceb8cacd none 12/31/2021 13:57:18 ObjectType: User Member, ObjectDisplayName: Joe Dalton, ObjectSignInName: joe.dalton@AzGovViz.onmicrosoft.com, ObjectId: acf4c68f-7b15-4d70-935b-26116fc2426a