last sync: 2022-Jul-01 16:32:34 UTC

Azure Policy definition

Deploy Workflow Automation for Microsoft Defender for Cloud alerts

Name Deploy Workflow Automation for Microsoft Defender for Cloud alerts
Azure Portal
Id f1525828-9a90-4fcf-be48-268cdd02361e
Version 5.0.0
details on versioning
Category Security Center
Microsoft docs
Description Enable automation of Microsoft Defender for Cloud alerts. This policy deploys a workflow automation with your conditions and triggers on the assigned scope. To deploy this policy on newly created subscriptions, open the Compliance tab, select the relevant non-compliant assignment and create a remediation task.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deployIfNotExists
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Rule Aliases THEN-ExistenceCondition (4)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Security/automations/isEnabled Microsoft.Security automations properties.isEnabled false
Microsoft.Security/automations/sources[*].ruleSets[*].rules[*] Microsoft.Security automations properties.sources[*].ruleSets[*].rules[*] false
Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].expectedValue Microsoft.Security automations properties.sources[*].ruleSets[*].rules[*].expectedValue false
Microsoft.Security/automations/sources[*].ruleSets[*].rules[*].propertyJPath Microsoft.Security automations properties.sources[*].ruleSets[*].rules[*].propertyJPath false
Rule ResourceTypes IF (1)
Microsoft.Resources/subscriptions
THEN-Deployment (3)
Microsoft.Resources/deployments
Microsoft.Resources/resourceGroups
Microsoft.Security/automations
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-06-24 19:15:47 change Major (4.0.0 > 5.0.0)
2021-07-30 15:17:20 change Major (3.0.0 > 4.0.0)
2021-02-17 14:28:42 change Major (2.0.0 > 3.0.0)
2021-02-03 15:09:01 change Major (1.0.0 > 2.0.0)
2020-05-29 15:39:09 add f1525828-9a90-4fcf-be48-268cdd02361e
Used in Initiatives none
JSON Changes

JSON