last sync: 2020-Jul-09 14:13:41 UTC

Azure Policy Initiative

Enable Monitoring in Azure Security Center

Initiative DisplayName Enable Monitoring in Azure Security Center
Initiative Id 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
Initiative Category Security Center
Initiative Description Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-06-23 16:03:23 remove Policy [Deprecated]: Email notifications to admins and subscription owners should be enabled in SQL Managed Instance advanced data security settings (aeb23562-188d-47cb-80b8-551f16ef9fff)
remove Policy [Deprecated]: Advanced data security settings for SQL server should contain an email address to receive security alerts (9677b740-f641-4f3c-b9c5-466005c85278)
remove Policy [Deprecated]: Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings (c8343d2f-fdc9-4a97-b76f-fc71d1163bfc)
add Policy Advanced threat protection should be enabled on Key Vault (0e6763cc-5078-4e64-889d-ff4d9a839047)
add Policy Advanced threat protection should be enabled on Storage accounts (308fbb08-4ab8-4e67-9b29-592e93fb94fa)
add Policy Advanced threat protection should be enabled on App Service (2913021d-f2fd-4f3d-b958-22354e2bdbcb)
remove Policy [Deprecated]: Advanced data security settings for SQL Managed Instance should contain an email address to receive security alerts (3965c43d-b5f4-482e-b74a-d89ee0e0b3a8)
add Policy Advanced threat protection should be enabled on Azure Kubernetes Service (523b5cd1-3e23-492f-a539-13118b6d1e3a)
remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings (e756b945-1b1b-480b-8de8-9a0859d5f7ad)
add Policy Advanced data security should be enabled on Azure SQL Database servers (7fe3b40f-802b-4cdd-8bd4-fd799c948cc2)
add Policy Advanced threat protection should be enabled on Azure Container Registry (c25d9a16-bc35-4e15-a7e5-9db606bf9ed4)
add Policy Advanced data security should be enabled on SQL Server on Virtual Machines (6581d072-105e-4418-827f-bd446d56421b)
remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings (bda18df3-5e41-4709-add9-2554ce68c966)
add Policy Advanced threat protection should be enabled on Virtual Machines (4da35fc9-c9e7-4960-aec9-797fe7d9051d)
2020-06-11 19:46:04 remove Policy All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace (b278e460-7cfc-4451-8294-cccc40a940d7)
add Policy Non-internet-facing virtual machines should be protected with network security groups (bb91dfba-c30d-4263-9add-9c2384e659a6)
remove Policy Authorization rules on the Event Hub instance should be defined (f4826e5f-6a27-407c-ae3e-9582eb39891d)
remove Policy All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace (a1817ec0-a368-432a-8057-8371e17ac6ee)
2020-05-29 15:39:26 add Policy [Preview]: Manage certificate validity period (0a075868-4c26-42ef-914c-5bc007359560)
add Policy Whitelisting rules in your adaptive application control policy should be updated (123a3936-f020-408a-ba0c-47873faf1534)
add Policy [Preview]: Log Analytics agent should be installed on your Linux Azure Arc machines (842c54e8-c2f9-4d79-ae8d-38d8b8019373)
add Policy [Preview]: Log Analytics agent should be installed on your Windows Azure Arc machines (d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e)
2020-04-22 04:43:14 add Policy Audit Windows virtual machines on which the Windows Guest Configuration extension is not enabled (5fc23db3-dd4d-4c56-bcc7-43626243e601)
add Policy [Preview]: All Internet traffic should be routed via your deployed Azure Firewall (fc5e4038-4584-4632-8c85-c0448d374b2c)
add Policy [Preview]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled (bed48b13-6647-468e-aa2f-1af1d3f4dd40)
2020-03-10 16:29:48 change DisplayName Name change: '[Preview]: Enable Monitoring in Azure Security Center' to 'Enable Monitoring in Azure Security Center'
2020-02-20 08:25:18 remove Policy [Deprecated]: Web ports should be restricted on Network Security Groups associated to your VM (201ea587-7c90-41c3-910f-c280ae01cfd6)
remove Policy [Deprecated]: Access to App Services should be restricted (1a833ff1-d297-4a0f-9944-888428f8e0ff)
2019-12-04 08:49:52 remove Policy Metric alert rules should be configured on Batch accounts (26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7)
2019-11-27 16:13:13 add Policy [Preview]: Network traffic data collection agent should be installed on Windows virtual machines (2f2ee1de-44aa-4762-b6bd-0893fc3f306d)
add Policy [Preview]: Network traffic data collection agent should be installed on Linux virtual machines (04c4380f-3fae-46e8-96c9-30193528f602)
2019-10-29 23:53:40 add Policy Latest TLS version should be used in your Function App (f9d614c5-c173-4d56-95a7-b4437057d193)
add Policy Managed identity should be used in your Web App (2b9ad585-36bc-4615-b300-fd4435808332)
add Policy Managed identity should be used in your API App (c4d441f8-f9d9-4a9e-9cef-e82117cb3eef)
add Policy FTPS only should be required in your API App (9a1b8c48-453a-4044-86c3-d8bfd823e4f5)
add Policy FTPS should be required in your Web App (4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b)
add Policy Latest TLS version should be used in your API App (8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e)
add Policy Managed identity should be used in your Function App (0da106f2-4ca3-48e8-bc85-c638fe6aea8f)
add Policy FTPS only should be required in your Function App (399b2637-a50f-4f95-96f8-3a145476eb15)
add Policy Latest TLS version should be used in your Web App (f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b)
Initiative Policies count Total Policies: 103
Builtin Policies: 103/103
Static Policies: 0/103
Initiative Policies
Policy DisplayName Policy Id
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68
[Preview]: Sensitive data in your SQL databases should be classified cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349
Advanced data security should be enabled on SQL Managed Instance abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb
Managed identity should be used in your Function App 0da106f2-4ca3-48e8-bc85-c638fe6aea8f
Advanced threat protection should be enabled on Azure Kubernetes Service 523b5cd1-3e23-492f-a539-13118b6d1e3a
Diagnostic logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c
[Preview]: Log Analytics agent should be installed on your Linux Azure Arc machines 842c54e8-c2f9-4d79-ae8d-38d8b8019373
Diagnostic logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4
Remote debugging should be turned off for Function Apps 0e60b895-3786-45da-8377-9c6b4b6ac5f9
Remote debugging should be turned off for API Apps e9c8d085-d9cc-4b17-9cdc-059f1f01f19e
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735
[Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457
FTPS only should be required in your API App 9a1b8c48-453a-4044-86c3-d8bfd823e4f5
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0
Managed identity should be used in your Web App 2b9ad585-36bc-4615-b300-fd4435808332
Access through Internet facing endpoint should be restricted 9daedab3-fb2d-461e-b861-71790eead4f6
CORS should not allow every resource to access your Function Apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c
[Preview]: Network traffic data collection agent should be installed on Linux virtual machines 04c4380f-3fae-46e8-96c9-30193528f602
Managed identity should be used in your API App c4d441f8-f9d9-4a9e-9cef-e82117cb3eef
SQL Auditing settings should have Action-Groups configured to capture critical activities 7ff426e2-515f-405a-91c8-4f2333442eb5
Advanced threat protection should be enabled on Virtual Machines 4da35fc9-c9e7-4960-aec9-797fe7d9051d
Azure DDoS Protection Standard should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b
Advanced data security should be enabled on Azure SQL Database servers 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2
CORS should not allow every resource to access your API App 358c20a6-3f9e-4f0e-97ff-c6ce485e2aac
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60
Diagnostic logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4
[Preview]: Manage certificate validity period 0a075868-4c26-42ef-914c-5bc007359560
Audit usage of custom RBAC rules a451c1ef-c6ca-483d-87ed-f49761e3ffb5
Web Application should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c
SQL Managed Instance TDE protector should be encrypted with your own key 048248b0-55cd-46da-b1ff-39efd52db260
FTPS should be required in your Web App 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b
Diagnostic logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45
Vulnerabilities in container security configurations should be remediated e8cbc669-f12d-49eb-93e7-9273119e9933
Advanced threat protection should be enabled on Azure Container Registry c25d9a16-bc35-4e15-a7e5-9db606bf9ed4
Diagnostic logs in App Services should be enabled b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0
Disk encryption should be applied on virtual machines 0961003e-5a0a-4549-abde-af6a37f2724d
Diagnostic logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d
Vulnerabilities on your SQL databases should be remediated feedbf84-6b99-488c-acc2-71c829aa5ffc
Diagnostic logs in Virtual Machine Scale Sets should be enabled 7c1b1214-f927-48bf-8882-84f0af6588b1
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60
Whitelisting rules in your adaptive application control policy should be updated 123a3936-f020-408a-ba0c-47873faf1534
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9
Diagnostic logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12
Remote debugging should be turned off for Web Applications cb510bfd-1cba-4d9f-a230-cb0976f4bb71
Advanced threat protection should be enabled on Key Vault 0e6763cc-5078-4e64-889d-ff4d9a839047
Vulnerabilities should be remediated by a Vulnerability Assessment solution 760a85ff-6162-42b3-8d70-698e268f648c
Latest TLS version should be used in your Web App f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4
Function App should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9
Diagnostic logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d
Diagnostic logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb
Deprecated accounts should be removed from your subscription 6b1cbf55-e8b6-442f-ba4c-7246b6381474
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744
[Preview]: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version fb893a29-21bb-418c-a157-e99480ec364c
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9
MFA should be enabled accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3
SQL servers should be configured with auditing retention days greater than 90 days. 89099bee-89e0-4b26-a5f4-165451757743
Advanced data security should be enabled on your SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9
Adaptive application controls for whitelisting safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de
[Preview]: Pod Security Policies should be defined on Kubernetes Services 3abeb944-26af-43ee-b83d-32aaf060fb94
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c
[Preview]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled bed48b13-6647-468e-aa2f-1af1d3f4dd40
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe
[Preview]: Log Analytics agent should be installed on your Windows Azure Arc machines d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517
Advanced threat protection should be enabled on Storage accounts 308fbb08-4ab8-4e67-9b29-592e93fb94fa
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15
[Preview]: Network traffic data collection agent should be installed on Windows virtual machines 2f2ee1de-44aa-4762-b6bd-0893fc3f306d
Adaptive Network Hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9
Diagnostic logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21
Audit Windows virtual machines on which the Windows Guest Configuration extension is not enabled 5fc23db3-dd4d-4c56-bcc7-43626243e601
Advanced data security should be enabled on SQL Server on Virtual Machines 6581d072-105e-4418-827f-bd446d56421b
Non-internet-facing virtual machines should be protected with network security groups bb91dfba-c30d-4263-9add-9c2384e659a6
[Preview] Vulnerability Assessment should be enabled on Virtual Machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9
API App should only be accessible over HTTPS b7ddfbdc-1260-477d-91fd-98bd9be789a6
Advanced threat protection should be enabled on App Service 2913021d-f2fd-4f3d-b958-22354e2bdbcb
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d
Diagnostic logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c
FTPS only should be required in your Function App 399b2637-a50f-4f95-96f8-3a145476eb15
[Preview]: Authorized IP ranges should be defined on Kubernetes Services 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea
Latest TLS version should be used in your Function App f9d614c5-c173-4d56-95a7-b4437057d193
Latest TLS version should be used in your API App 8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64
SQL server TDE protector should be encrypted with your own key 0d134df8-db83-46fb-ad72-fe0c9428c8dd
CORS should not allow every resource to access your Web Applications 5744710e-cc2f-4ee8-8809-3b11e89f4bc9
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed
Initiative Rule
{
  "properties": {
    "displayName": "Enable Monitoring in Azure Security Center",
    "policyType": "BuiltIn",
    "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.",
    "metadata": {
      "version": "10.0.2",
      "category": "Security Center"
    },
    "parameters": {
      "certificatesValidityPeriodMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Manage certificate validity period",
          "description": "Enable or disable manage certificate validity period."
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "disabled"
      },
      "certificatesValidityPeriodInMonths": {
        "type": "Integer",
        "metadata": {
          "displayName": "The maximum validity period in months of managed certificate",
          "description": "The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren't best practice."
        },
        "defaultValue": 24
      },
      "azurePolicyforWindowsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Guest Configuration extension should be installed on Windows virtual machines",
          "description": "Enable or disable virtual machines reporting that the Guest Configuration extension for Windows should be installed"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "windowsDefenderExploitGuardMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Windows Defender Exploit Guard should be enabled on your Windows virtual machines",
          "description": "Enable or disable virtual machines reporting that Windows Defender Exploit Guard is enabled"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vmssSystemUpdatesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "System updates on virtual machine scale sets should be installed",
          "description": "Enable or disable virtual machine scale sets reporting of system updates"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vmssEndpointProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Endpoint protection solution should be installed on virtual machine scale sets",
          "description": "Enable or disable virtual machine scale sets endpoint protection monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vmssOsVulnerabilitiesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerabilities in security configuration on your virtual machine scale sets should be remediated",
          "description": "Enable or disable virtual machine scale sets OS vulnerabilities monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "systemUpdatesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "System updates should be installed on your machines",
          "description": "Enable or disable reporting of system updates"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "systemConfigurationsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerabilities in security configuration on your machines should be remediated",
          "description": "Enable or disable OS vulnerabilities monitoring (based on a configured baseline)"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "endpointProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor missing Endpoint Protection in Azure Security Center",
          "description": "Enable or disable endpoint protection monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diskEncryptionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Disk encryption should be applied on virtual machines",
          "description": "Enable or disable the monitoring for VM disk encryption"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "networkSecurityGroupsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor network security groups",
          "description": "Enable or disable monitoring of network security groups with permissive rules",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "networkSecurityGroupsOnSubnetsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Network Security Groups on the subnet level should be enabled",
          "description": "Enable or disable monitoring of NSGs on subnets"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "networkSecurityGroupsOnVirtualMachinesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Internet-facing virtual machines should be protected with network security groups",
          "description": "Enable or disable monitoring of NSGs on VMs"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Non-internet-facing virtual machines should be protected with network security groups",
          "description": "Enable or disable monitoring of NSGs on VMs"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webApplicationFirewallMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Web ports should be restricted on Network Security Groups associated to your VM",
          "description": "Enable or disable the monitoring of unprotected web applications",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "nextGenerationFirewallMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Access through Internet facing endpoint should be restricted",
          "description": "Enable or disable overly permissive inbound NSG rules monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vulnerabilityAssesmentMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerabilities should be remediated by a Vulnerability Assessment solution",
          "description": "Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "serverVulnerabilityAssessmentEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview] Vulnerability Assessment should be enabled on Virtual Machines",
          "description": "Enable or disable the detection of VM vulnerabilities by Azure Security Center Vulnerability Assessment"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "storageEncryptionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Audit missing blob encryption for storage accounts",
          "description": "Enable or disable the monitoring of blob encryption for storage accounts",
          "deprecated": true
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "jitNetworkAccessMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Management ports of virtual machines should be protected with just-in-time network access control",
          "description": "Enable or disable the monitoring of network just-in-time access"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "adaptiveApplicationControlsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Adaptive application controls for whitelisting safe applications should be enabled on your machines",
          "description": "Enable or disable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "adaptiveApplicationControlsUpdateMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Whitelisting rules in your adaptive application control policy should be updated",
          "description": "Enable or disable the monitoring for changes in behavior on groups of machines configured for auditing by Azure Security Center's adaptive application controls"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlAuditingMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor unaudited SQL servers in Azure Security Center",
          "description": "Enable or disable the monitoring of unaudited SQL databases",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "sqlEncryptionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor unencrypted SQL databases in Azure Security Center",
          "description": "Enable or disable the monitoring of unencrypted SQL databases",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "sqlDbEncryptionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Transparent Data Encryption on SQL databases should be enabled",
          "description": "Enable or disable the monitoring of unencrypted SQL databases"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlServerAuditingMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Auditing should be enabled on advanced data security settings on SQL Server",
          "description": "Enable or disable the monitoring of unaudited SQL Servers"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlServerAuditingActionsAndGroupsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "SQL Auditing settings should have Action-Groups configured to capture critical activities",
          "description": "Enable or disable the monitoring of auditing policy Action-Groups and Actions setting"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "SqlServerAuditingRetentionDaysMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "SQL servers should be configured with auditing retention days greater than 90 days",
          "description": "Enable or disable the monitoring of SQL servers with auditing retention period less than 90"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInAppServiceMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor diagnostic logs in Azure App Services",
          "description": "Enable or disable the monitoring of diagnostics logs in Azure App Services",
          "deprecated": true
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "diagnosticsLogsInSelectiveAppServicesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in App Services should be enabled",
          "description": "Enable or disable the monitoring of diagnostics logs in Azure App Services"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "encryptionOfAutomationAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Automation account variables should be encrypted",
          "description": "Enable or disable the monitoring of automation account encryption"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "diagnosticsLogsInBatchAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Batch accounts should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Batch accounts"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInBatchAccountRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) for logs in Batch accounts",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "metricAlertsInBatchAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Metric alert rules should be configured on Batch accounts",
          "description": "Enable or disable the monitoring of metric alerts in Batch accounts",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "classicComputeVMsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Virtual machines should be migrated to new Azure Resource Manager resources",
          "description": "Enable or disable the monitoring of classic compute VMs"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "classicStorageAccountsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Storage accounts should be migrated to new Azure Resource Manager resources",
          "description": "Enable or disable the monitoring of classic storage accounts"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "diagnosticsLogsInDataLakeAnalyticsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Data Lake Analytics should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Data Lake Analytics accounts"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInDataLakeAnalyticsRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Data Lake Analytics accounts",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "diagnosticsLogsInDataLakeStoreMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Azure Data Lake Store should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Data Lake Store accounts"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInDataLakeStoreRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Data Lake Store accounts",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "diagnosticsLogsInEventHubMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Event Hub should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Event Hub accounts"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInEventHubRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Event Hub accounts",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "diagnosticsLogsInKeyVaultMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Key Vault should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Key Vault vaults"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInKeyVaultRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Key Vault vaults",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "diagnosticsLogsInLogicAppsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Logic Apps should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Logic Apps workflows"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInLogicAppsRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Logic Apps workflows",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "diagnosticsLogsInRedisCacheMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Only secure connections to your Redis Cache should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Azure Redis Cache"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "diagnosticsLogsInSearchServiceMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Search services should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Azure Search service"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInSearchServiceRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Azure Search service",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "aadAuthenticationInServiceFabricMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Service Fabric clusters should only use Azure Active Directory for client authentication",
          "description": "Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "clusterProtectionLevelInServiceFabricMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign",
          "description": "Enable or disable the monitoring of cluster protection level in Service Fabric"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "diagnosticsLogsInServiceBusMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Service Bus should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Service Bus"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInServiceBusRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Service Bus",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "namespaceAuthorizationRulesInServiceBusMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace",
          "description": "Enable or disable the monitoring of Service Bus namespace authorization rules",
          "deprecated": true
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "aadAuthenticationInSqlServerMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "An Azure Active Directory administrator should be provisioned for SQL servers",
          "description": "Enable or disable the monitoring of an Azure AD admininistrator for SQL server"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "secureTransferToStorageAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Secure transfer to storage accounts should be enabled",
          "description": "Enable or disable the monitoring of secure transfer to storage account"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "diagnosticsLogsInStreamAnalyticsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Azure Stream Analytics should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Stream Analytics"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInStreamAnalyticsRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in Stream Analytics",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "useRbacRulesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Audit usage of custom RBAC rules",
          "description": "Enable or disable the monitoring of using built-in RBAC rules"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "disableUnrestrictedNetworkToStorageAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Audit unrestricted network access to storage accounts",
          "description": "Enable or disable the monitoring of network access to storage account"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "diagnosticsLogsInServiceFabricMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in Virtual Machine Scale Sets should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Service Fabric"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "accessRulesInEventHubNamespaceMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace",
          "description": "Enable or disable the monitoring of access rules in Event Hub namespaces",
          "deprecated": true
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "accessRulesInEventHubMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Authorization rules on the Event Hub instance should be defined",
          "description": "Enable or disable the monitoring of access rules in Event Hubs",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "sqlDbVulnerabilityAssesmentMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerabilities on your SQL databases should be remediated",
          "description": "Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlDbDataClassificationMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Sensitive data in your SQL databases should be classified",
          "description": "Enable or disable the monitoring of sensitive data classification in databases."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityDesignateLessThanOwnersMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "A maximum of 3 owners should be designated for your subscription",
          "description": "Enable or disable the monitoring of maximum owners in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityDesignateMoreThanOneOwnerMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "There should be more than one owner assigned to your subscription",
          "description": "Enable or disable the monitoring of minimum owners in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityEnableMFAForOwnerPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "MFA should be enabled on accounts with owner permissions on your subscription",
          "description": "Enable or disable the monitoring of MFA for accounts with owner permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityEnableMFAForWritePermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "MFA should be enabled accounts with write permissions on your subscription",
          "description": "Enable or disable the monitoring of MFA for accounts with write permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityEnableMFAForReadPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "MFA should be enabled on accounts with read permissions on your subscription",
          "description": "Enable or disable the monitoring of MFA for accounts with read permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Deprecated accounts with owner permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of deprecated acounts with owner permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveDeprecatedAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Deprecated accounts should be removed from your subscription",
          "description": "Enable or disable the monitoring of deprecated acounts in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "External accounts with owner permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of external acounts with owner permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveExternalAccountWithWritePermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "External accounts with write permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of external acounts with write permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveExternalAccountWithReadPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "External accounts with read permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of external acounts with read permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppConfigureIPRestrictionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor Configure IP restrictions for API App",
          "description": "Enable or disable the monitoring of IP restrictions for API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "functionAppConfigureIPRestrictionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor Configure IP restrictions for Function App",
          "description": "Enable or disable the monitoring of IP restrictions for Function App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppConfigureIPRestrictionsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor Configure IP restrictions for Web App",
          "description": "Enable or disable the monitoring of IP restrictions for Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppDisableRemoteDebuggingMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Remote debugging should be turned off for API App",
          "description": "Enable or disable the monitoring of remote debugging for API App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppDisableRemoteDebuggingMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Remote debugging should be turned off for Function App",
          "description": "Enable or disable the monitoring of remote debugging for Function App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppDisableRemoteDebuggingMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Remote debugging should be turned off for Web Application",
          "description": "Enable or disable the monitoring of remote debugging for Web App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppAuditFtpsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "FTPS should be required in your API App",
          "description": "Enable FTPS enforcement for enhanced security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppAuditFtpsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "FTPS should be required in your Function App",
          "description": "Enable FTPS enforcement for enhanced security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppAuditFtpsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "FTPS should be required in your Web App",
          "description": "Enable FTPS enforcement for enhanced security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppUseManagedIdentityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "A managed identity should be used in your API App",
          "description": "Use a managed identity for enhanced authentication security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppUseManagedIdentityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "A managed identity should be used in your Function App",
          "description": "Use a managed identity for enhanced authentication security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppUseManagedIdentityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "A managed identity should be used in your Web App",
          "description": "Use a managed identity for enhanced authentication security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppRequireLatestTlsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Latest TLS version should be used in your API App",
          "description": "Upgrade to the latest TLS version"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppRequireLatestTlsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Latest TLS version should be used in your Function App",
          "description": "Upgrade to the latest TLS version"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppRequireLatestTlsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Latest TLS version should be used in your Web App",
          "description": "Upgrade to the latest TLS version"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppDisableWebSocketsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor disable web sockets for API App",
          "description": "Enable or disable the monitoring of web sockets for API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "functionAppDisableWebSocketsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor disable web sockets for Function App",
          "description": "Enable or disable the monitoring of web sockets for Function App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppDisableWebSocketsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor disable web sockets for Web App",
          "description": "Enable or disable the monitoring of web sockets for Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppEnforceHttpsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "API App should only be accessible over HTTPS",
          "description": "Enable or disable the monitoring of the use of HTTPS in API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "functionAppEnforceHttpsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Function App should only be accessible over HTTPS",
          "description": "Enable or disable the monitoring of the use of HTTPS in function App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppEnforceHttpsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Web Application should only be accessible over HTTPS",
          "description": "Enable or disable the monitoring of the use of HTTPS in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppEnforceHttpsMonitoringEffectV2": {
        "type": "String",
        "metadata": {
          "displayName": "API App should only be accessible over HTTPS V2",
          "description": "Enable or disable the monitoring of the use of HTTPS in API App V2"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "functionAppEnforceHttpsMonitoringEffectV2": {
        "type": "String",
        "metadata": {
          "displayName": "Function App should only be accessible over HTTPS V2",
          "description": "Enable or disable the monitoring of the use of HTTPS in function App V2"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "webAppEnforceHttpsMonitoringEffectV2": {
        "type": "String",
        "metadata": {
          "displayName": "Web Application should only be accessible over HTTPS V2",
          "description": "Enable or disable the monitoring of the use of HTTPS in Web App V2"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "apiAppRestrictCORSAccessMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "CORS should not allow every resource to access your API App",
          "description": "Enable or disable the monitoring of CORS restrictions for API App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppRestrictCORSAccessMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "CORS should not allow every resource to access your Function App",
          "description": "Enable or disable the monitoring of CORS restrictions for API Function"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppRestrictCORSAccessMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "CORS should not allow every resource to access your Web Application",
          "description": "Enable or disable the monitoring of CORS restrictions for API Web"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppUsedCustomDomainsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor the custom domain use in API App",
          "description": "Enable or disable the monitoring of custom domain use in API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "functionAppUsedCustomDomainsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor the custom domain use in Function App",
          "description": "Enable or disable the monitoring of custom domain use in Function App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppUsedCustomDomainsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor the custom domain use in Web App",
          "description": "Enable or disable the monitoring of custom domain use in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppUsedLatestDotNetMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest .NET in API App",
          "description": "Enable or disable the monitoring of .NET version in API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppUsedLatestDotNetMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest .NET in Web App",
          "description": "Enable or disable the monitoring of .NET version in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppUsedLatestJavaMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest Java in API App",
          "description": "Enable or disable the monitoring of Java version in API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppUsedLatestJavaMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest Java in Web App",
          "description": "Enable or disable the monitoring of Java version in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppUsedLatestNodeJsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest Node.js in Web App",
          "description": "Enable or disable the monitoring of Node.js version in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppUsedLatestPHPMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest PHP in API App",
          "description": "Enable or disable the monitoring of PHP version in API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppUsedLatestPHPMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest PHP in Web App",
          "description": "Enable or disable the monitoring of PHP version in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "apiAppUsedLatestPythonMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest Python in API App",
          "description": "Enable or disable the monitoring of Python version in API App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "webAppUsedLatestPythonMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Monitor use latest Python in Web App",
          "description": "Enable or disable the monitoring of Python version in Web App",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "vnetEnableDDoSProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Azure DDoS Protection Standard should be enabled",
          "description": "Enable or disable the monitoring of DDoS protection for virtual network"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInIoTHubMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Diagnostic logs in IoT Hub should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in IoT Hubs"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInIoTHubRetentionDays": {
        "type": "String",
        "metadata": {
          "displayName": "Required retention (in days) of logs in IoT Hub accounts",
          "description": "The required diagnostic logs retention period in days"
        },
        "defaultValue": "365"
      },
      "sqlServerAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced data security should be enabled on your SQL servers",
          "description": "Enable or disable the monitoring of SQL servers without Advanced Data Security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlManagedInstanceAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced data security should be enabled on SQL Managed Instance",
          "description": "Enable or disable the monitoring of each SQL Managed Instance without advanced data security."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlServerAdvancedDataSecurityEmailsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced data security settings for SQL server should contain an email address to receive security alerts",
          "description": "Enable or disable the monitoring that advanced data security settings for SQL server contain at least one email address to receive security alerts",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced data security settings for SQL Managed Instance should contain an email address to receive security alerts",
          "description": "Enable or disable the monitoring that advanced data security settings for SQL Managed Instance contain at least one email address to receive security alerts.",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings",
          "description": "Enable or disable auditing that 'email notification to admins and subscription owners' is enabled in the SQL Server advanced threat protection settings. This ensures that any detections of anomalous activities on SQL server are reported as soon as possible to the admins.",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Email notifications to admins and subscription owners should be enabled in SQL Managed Instance advanced data security settings",
          "description": "Enable or disable auditing that 'email notification to admins and subscription owners' is enabled in SQL Managed Instance advanced threat protection settings. This setting ensures that any detections of anomalous activities on SQL Managed Instance are reported as soon as possible to the admins.",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "kubernetesServiceRbacEnabledMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Role-Based Access Control (RBAC) should be used on Kubernetes Services",
          "description": "Enable or disable the monitoring of Kubernetes Services without RBAC enabled"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "kubernetesServicePspEnabledMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Pod Security Policies should be defined on Kubernetes Services",
          "description": "Enable or disable the monitoring of Kubernetes Services without Pod Security Policy enabled"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Authorized IP ranges should be defined on Kubernetes Services",
          "description": "Enable or disable the monitoring of Kubernetes Services without Authorized IP Ranges enabled"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "kubernetesServiceVersionUpToDateMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Kubernetes Services should be upgraded to a non vulnerable Kubernetes version",
          "description": "Enable or disable the monitoring of the Kubernetes Services with versions that contain known vulnerabilities"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "vulnerabilityAssessmentOnManagedInstanceMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerability assessment should be enabled on SQL Managed Instance",
          "description": "Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vulnerabilityAssessmentOnServerMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerability assessment should be enabled on your SQL servers",
          "description": "Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "threatDetectionTypesOnManagedInstanceMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings",
          "description": "It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "threatDetectionTypesOnServerMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings",
          "description": "It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "adaptiveNetworkHardeningsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Adaptive Network Hardening recommendations should be applied on internet facing virtual machines",
          "description": "Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "restrictAccessToManagementPortsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Management ports should be closed on your virtual machines",
          "description": "Enable or disable the monitoring of open management ports on Virtual Machines"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "restrictAccessToAppServicesMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Access to App Services should be restricted",
          "description": "Enable or disable the monitoring of permissive network access to app-services",
          "deprecated": true
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "Disabled"
      },
      "disableIPForwardingMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "IP Forwarding on your virtual machine should be disabled",
          "description": "Enable or disable the monitoring of IP forwarding on virtual machines"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "SQL server TDE protector should be encrypted with your own key",
          "description": "Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "SQL Managed Instance TDE protector should be encrypted with your own key",
          "description": "Enable or disable the monitoring of Transparent Data Encryption (TDE) with your own key support. TDE with your own key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "containerBenchmarkMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Vulnerabilities in container security configurations should be remediated",
          "description": "Enable or disable container benchmark monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "ASCDependencyAgentAuditWindowsEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Audit Dependency Agent for Windows VMs monitoring",
          "description": "Enable or disable Dependency Agent for Windows VMs"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "ASCDependencyAgentAuditLinuxEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Audit Dependency Agent for Linux VMs monitoring",
          "description": "Enable or disable Dependency Agent for Linux VMs"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "AzureFirewallEffect": {
        "type": "String",
        "metadata": {
          "displayName": "All Internet traffic should be routed via your deployed Azure Firewall",
          "description": "Enable or disable All Internet traffic should be routed via your deployed Azure Firewall"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "ArcWindowsMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics agent should be installed on your  Windows Azure Arc machines",
          "description": "Enable or disable Log Analytics agent should be installed on your  Windows Azure Arc machines"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "ArcLinuxMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Log Analytics agent should be installed on your Linux Azure Arc machines",
          "description": "Enable or disable Log Analytics agent should be installed on your Linux Azure Arc machines"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "keyVaultsAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced threat protection standard tier should be enabled on Key Vault",
          "description": "Enable or disable advanced threat protection for Key Vault"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlServersAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced data security standard tier should be enabled on Azure SQL Database servers",
          "description": "Enable or disable Advanced data security for Azure SQL Database servers"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced data security standard tier should be enabled on SQL Server on Virtual Machines",
          "description": "Enable or disable Advanced data security for SQL Server on Virtual Machines"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "storageAccountsAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced threat protection standard tier should be enabled on Storage accounts",
          "description": "Enable or disable advanced threat protection for Storage accounts"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "appServicesAdvancedThreatProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced threat protection standard tier should be enabled on App Service",
          "description": "Enable or disable advanced threat protection for App Service"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "containerRegistryAdvancedThreatProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced threat protection standard tier should be enabled on Azure Container Registry",
          "description": "Enable or disable advanced threat protection for Azure Container Registry"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "kubernetesServiceAdvancedThreatProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced threat protection standard tier should be enabled on Azure Kubernetes Service",
          "description": "Enable or disable advanced threat protection for Azure Kubernetes Service"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "virtualMachinesAdvancedThreatProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
          "displayName": "Advanced threat protection standard tier should be enabled on Virtual Machines",
          "description": "Enable or disable advanced threat protection for Virtual Machines"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "certificatesValidityPeriodMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
        "parameters": {
          "effect": {
          "value": "[parameters('certificatesValidityPeriodMonitoringEffect')]"
          },
          "maximumValidityInMonths": {
          "value": "[parameters('certificatesValidityPeriodInMonths')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
        "parameters": {
          "effect": {
          "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "parameters": {
          "effect": {
          "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vmssSystemUpdatesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
        "parameters": {
          "effect": {
          "value": "[parameters('vmssSystemUpdatesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "azurePolicyforWindowsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5fc23db3-dd4d-4c56-bcc7-43626243e601",
        "parameters": {
          "effect": {
          "value": "[parameters('azurePolicyforWindowsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "windowsDefenderExploitGuardMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40",
        "parameters": {
          "effect": {
          "value": "[parameters('windowsDefenderExploitGuardMonitoringEffect')]"
          },
          "NotAvailableMachineState": {
            "value": "Compliant"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInIoTHubMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInIoTHubMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInIoTHubRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInServiceFabricMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInServiceFabricMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "disableUnrestrictedNetworkToStorageAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
        "parameters": {
          "effect": {
          "value": "[parameters('disableUnrestrictedNetworkToStorageAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "useRbacRulesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
        "parameters": {
          "effect": {
          "value": "[parameters('useRbacRulesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInStreamAnalyticsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInStreamAnalyticsMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInStreamAnalyticsRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "secureTransferToStorageAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
        "parameters": {
          "effect": {
          "value": "[parameters('secureTransferToStorageAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "aadAuthenticationInSqlServerMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
        "parameters": {
          "effect": {
          "value": "[parameters('aadAuthenticationInSqlServerMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInServiceBusMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInServiceBusMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInServiceBusRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "clusterProtectionLevelInServiceFabricMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68",
        "parameters": {
          "effect": {
          "value": "[parameters('clusterProtectionLevelInServiceFabricMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "aadAuthenticationInServiceFabricMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
        "parameters": {
          "effect": {
          "value": "[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInSearchServiceMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInSearchServiceMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInSearchServiceRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInRedisCacheMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInLogicAppsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInLogicAppsMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInLogicAppsRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInKeyVaultMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInKeyVaultMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInKeyVaultRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInEventHubMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInEventHubMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInEventHubRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInDataLakeStoreMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInDataLakeStoreMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInDataLakeStoreRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInDataLakeAnalyticsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInDataLakeAnalyticsMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInDataLakeAnalyticsRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "classicStorageAccountsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
        "parameters": {
          "effect": {
          "value": "[parameters('classicStorageAccountsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "classicComputeVMsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
        "parameters": {
          "effect": {
          "value": "[parameters('classicComputeVMsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInBatchAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInBatchAccountMonitoringEffect')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('diagnosticsLogsInBatchAccountRetentionDays')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "encryptionOfAutomationAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
        "parameters": {
          "effect": {
          "value": "[parameters('encryptionOfAutomationAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInSelectiveAppServicesMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInSelectiveAppServicesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlDbEncryptionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlDbEncryptionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlServerAuditingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlServerAuditingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlServerAuditingActionsAndGroupsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlServerAuditingActionsAndGroupsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "SqlServerAuditingRetentionDaysMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743",
        "parameters": {
          "effect": {
          "value": "[parameters('SqlServerAuditingRetentionDaysMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "systemUpdatesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
        "parameters": {
          "effect": {
          "value": "[parameters('systemUpdatesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "jitNetworkAccessMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
        "parameters": {
          "effect": {
          "value": "[parameters('jitNetworkAccessMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
        "parameters": {
          "effect": {
          "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "adaptiveApplicationControlsUpdateMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534",
        "parameters": {
          "effect": {
          "value": "[parameters('adaptiveApplicationControlsUpdateMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "networkSecurityGroupsOnSubnetsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
        "parameters": {
          "effect": {
          "value": "[parameters('networkSecurityGroupsOnSubnetsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "networkSecurityGroupsOnVirtualMachinesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
        "parameters": {
          "effect": {
          "value": "[parameters('networkSecurityGroupsOnVirtualMachinesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "networkSecurityGroupsOnInternalVirtualMachinesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6",
        "parameters": {
          "effect": {
          "value": "[parameters('networkSecurityGroupsOnInternalVirtualMachinesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "systemConfigurationsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
        "parameters": {
          "effect": {
          "value": "[parameters('systemConfigurationsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "endpointProtectionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "parameters": {
          "effect": {
          "value": "[parameters('endpointProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diskEncryptionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
        "parameters": {
          "effect": {
          "value": "[parameters('diskEncryptionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssesmentMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "serverVulnerabilityAssessment",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
        "parameters": {
          "effect": {
          "value": "[parameters('serverVulnerabilityAssessmentEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "nextGenerationFirewallMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6",
        "parameters": {
          "effect": {
          "value": "[parameters('nextGenerationFirewallMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlDbVulnerabilityAssesmentMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlDbDataClassificationMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlDbDataClassificationMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityDesignateLessThanOwnersMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c",
        "parameters": {
          "effect": {
          "value": "[parameters('identityDesignateLessThanOwnersMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityDesignateMoreThanOneOwnerMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b",
        "parameters": {
          "effect": {
          "value": "[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityEnableMFAForOwnerPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed",
        "parameters": {
          "effect": {
          "value": "[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityEnableMFAForWritePermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3",
        "parameters": {
          "effect": {
          "value": "[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityEnableMFAForReadPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64",
        "parameters": {
          "effect": {
          "value": "[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveExternalAccountWithOwnerPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveExternalAccountWithWritePermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveExternalAccountWithReadPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveExternalAccountWithReadPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppDisableRemoteDebuggingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppDisableRemoteDebuggingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppDisableRemoteDebuggingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppAuditFtpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppAuditFtpsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppAuditFtpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppAuditFtpsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppAuditFtpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppAuditFtpsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppUseManagedIdentityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppUseManagedIdentityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppUseManagedIdentityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppUseManagedIdentityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppUseManagedIdentityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppUseManagedIdentityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppRequireLatestTlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppRequireLatestTlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppRequireLatestTlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppRequireLatestTlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppRequireLatestTlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppRequireLatestTlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppEnforceHttpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppEnforceHttpsMonitoringEffectV2')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppEnforceHttpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppEnforceHttpsMonitoringEffectV2')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppEnforceHttpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppEnforceHttpsMonitoringEffectV2')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppRestrictCORSAccessMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppRestrictCORSAccessMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppRestrictCORSAccessMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppRestrictCORSAccessMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppRestrictCORSAccessMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppRestrictCORSAccessMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vnetEnableDDoSProtectionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd",
        "parameters": {
          "effect": {
          "value": "[parameters('vnetEnableDDoSProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlServerAdvancedDataSecurityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlServerAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlManagedInstanceAdvancedDataSecurityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlManagedInstanceAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "kubernetesServiceRbacEnabledMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
        "parameters": {
          "effect": {
          "value": "[parameters('kubernetesServiceRbacEnabledMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "kubernetesServicePspEnabledMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3abeb944-26af-43ee-b83d-32aaf060fb94",
        "parameters": {
          "effect": {
          "value": "[parameters('kubernetesServicePspEnabledMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "kubernetesServiceVersionUpToDateMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c",
        "parameters": {
          "effect": {
          "value": "[parameters('kubernetesServiceVersionUpToDateMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "kubernetesServiceAuthorizedIPRangesEnabledMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea",
        "parameters": {
          "effect": {
          "value": "[parameters('kubernetesServiceAuthorizedIPRangesEnabledMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentOnServerMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssessmentOnServerMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentOnManagedInstanceMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "adaptiveNetworkHardeningsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
        "parameters": {
          "effect": {
          "value": "[parameters('adaptiveNetworkHardeningsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "restrictAccessToManagementPortsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "parameters": {
          "effect": {
          "value": "[parameters('restrictAccessToManagementPortsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "disableIPForwardingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744",
        "parameters": {
          "effect": {
          "value": "[parameters('disableIPForwardingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ensureServerTDEIsEncryptedWithYourOwnKeyMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd",
        "parameters": {
          "effect": {
          "value": "[parameters('ensureServerTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260",
        "parameters": {
          "effect": {
          "value": "[parameters('ensureManagedInstanceTDEIsEncryptedWithYourOwnKeyMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "containerBenchmarkMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933",
        "parameters": {
          "effect": {
          "value": "[parameters('containerBenchmarkMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ASCDependencyAgentAuditWindowsEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2f2ee1de-44aa-4762-b6bd-0893fc3f306d",
        "parameters": {
          "effect": {
          "value": "[parameters('ASCDependencyAgentAuditWindowsEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ASCDependencyAgentAuditLinuxEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/04c4380f-3fae-46e8-96c9-30193528f602",
        "parameters": {
          "effect": {
          "value": "[parameters('ASCDependencyAgentAuditLinuxEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "AzureFirewallEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c",
        "parameters": {
          "effect": {
          "value": "[parameters('AzureFirewallEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ArcWindowsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e",
        "parameters": {
          "effect": {
          "value": "[parameters('ArcWindowsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "ArcLinuxMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/842c54e8-c2f9-4d79-ae8d-38d8b8019373",
        "parameters": {
          "effect": {
          "value": "[parameters('ArcLinuxMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "keyVaultsAdvancedDataSecurityMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047",
        "parameters": {
          "effect": {
          "value": "[parameters('keyVaultsAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlServersAdvancedDataSecurityMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlServersAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "storageAccountsAdvancedDataSecurityMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
        "parameters": {
          "effect": {
          "value": "[parameters('storageAccountsAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "appServicesAdvancedThreatProtectionMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb",
        "parameters": {
          "effect": {
          "value": "[parameters('appServicesAdvancedThreatProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "containerRegistryAdvancedThreatProtectionMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4",
        "parameters": {
          "effect": {
          "value": "[parameters('containerRegistryAdvancedThreatProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "kubernetesServiceAdvancedThreatProtectionMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a",
        "parameters": {
          "effect": {
          "value": "[parameters('kubernetesServiceAdvancedThreatProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "virtualMachinesAdvancedThreatProtectionMonitoringEffect",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d",
        "parameters": {
          "effect": {
          "value": "[parameters('virtualMachinesAdvancedThreatProtectionMonitoringEffect')]"
          }
        }
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8"
}