last sync: 2020-Jul-02 13:28:37 UTC

Azure Policy

Enable Azure Security Center on your subscription

Policy DisplayName Enable Azure Security Center on your subscription
Policy Id ac076320-ddcf-4066-b451-6154267e8ad2
Policy Category Security Center
Policy Description Identifies existing subscriptions that are not monitored by Azure Security Center (ASC). Subscriptions not monitored by ASC will be registered to the free pricing tier. Subscriptions already monitored by ASC (free or standard), will be considered compliant. To register newly created subscriptions, open the compliance tab, select the relevant non-compliant assignment and create a remediation task. Repeat this step when you have one or more new subscriptions you want to monitor with Security Center.
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: deployIfNotExists
Roles used
Role Name Role Id
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-01-29 21:53:30 add: Policy ac076320-ddcf-4066-b451-6154267e8ad2
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
    "displayName": "Enable Azure Security Center on your subscription",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Identifies existing subscriptions that are not monitored by Azure Security Center (ASC).\nSubscriptions not monitored by ASC will be registered to the free pricing tier.\nSubscriptions already monitored by ASC (free or standard), will be considered compliant.\nTo register newly created subscriptions, open the compliance tab, select the relevant non-compliant assignment and create a remediation task.\nRepeat this step when you have one or more new subscriptions you want to monitor with Security Center.",
    "metadata": {
      "version": "1.0.0",
      "category": "Security Center"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions"
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.Security/pricings",
          "name": "VirtualMachines",
          "deploymentScope": "subscription",
          "existenceScope": "subscription",
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd"
          ],
          "existenceCondition": {
            "anyof": [
              {
                "field": "microsoft.security/pricings/pricingTier",
                "equals": "standard"
              },
              {
                "field": "microsoft.security/pricings/pricingTier",
                "equals": "free"
              }
            ]
          },
          "deployment": {
            "location": "westeurope",
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.Security/pricings",
                    "apiVersion": "2018-06-01",
                    "name": "VirtualMachines",
                    "properties": {
                      "pricingTier": "free"
                    }
                  }
                ],
                "outputs": {
                  
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "ac076320-ddcf-4066-b451-6154267e8ad2"
}