AzInitiativeAdvertizer

last sync: 2020-Jul-09 14:13:41 UTC

Azure Policy Initiative

[Preview]: Australian Government ISM PROTECTED

Initiative DisplayName [Preview]: Australian Government ISM PROTECTED

Initiative Id 27272c0b-c225-4cc3-b8b0-f2534b093077

Initiative Category Regulatory Compliance

Initiative Description This initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/AustralianGovernmentISM-blueprint.

Initiative Type BuiltIn

Initiative Changes

Date/Time (UTC ymd) (i)	Change(s)
2020-06-16 14:55:25	change DisplayName Name change: '[Preview]: Audit Australian Government ISM PROTECTED controls and deploy specific VM Extensions to support audit requirements' to '[Preview]: Australian Government ISM PROTECTED' change Description Description change: 'This initiative includes audit and VM Extension deployment policies that address a subset of Australian Government Information Security Manual (ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/AustralianGovernmentISM-blueprint' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/AustralianGovernmentISM-blueprint.'
2020-04-22 04:43:14	add Initiative 27272c0b-c225-4cc3-b8b0-f2534b093077

Initiative Policies count Total Policies: 63
Builtin Policies: 63/63
Static Policies: 0/63

Initiative Policies

Policy DisplayName	Policy Id
Latest TLS version should be used in your API App	8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e
CORS should not allow every resource to access your Web Applications	5744710e-cc2f-4ee8-8809-3b11e89f4bc9
Show audit results from Linux VMs that have accounts without passwords	c40c9087-1981-4e73-9f53-39743eda9d05
[Preview] Vulnerability Assessment should be enabled on Virtual Machines	501541f7-f7e7-4cd6-868c-4190fdad3ac9
Show audit results from Linux VMs that allow remote connections from accounts without passwords	2d67222d-05fd-4526-a171-2ee132ad9e83
Advanced data security should be enabled on your SQL servers	abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9
Audit diagnostic setting	7f89b1eb-583c-429a-8828-af049802c1d9
Microsoft IaaSAntimalware extension should be deployed on Windows servers	9b597639-28e4-48eb-b506-56b05d366257
Vulnerabilities in container security configurations should be remediated	e8cbc669-f12d-49eb-93e7-9273119e9933
Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted	5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138
Secure transfer to storage accounts should be enabled	404c3081-a854-4457-ae30-26a93ef643f9
Storage accounts should restrict network access	34c877ad-507e-4c82-993e-3452a6e0ad3c
Only secure connections to your Azure Cache for Redis should be enabled	22bee202-a82f-4305-9a2a-6d7f44d4dedb
A maximum of 3 owners should be designated for your subscription	4f11b553-d42e-4e3a-89be-32ca364cad4c
Deploy prerequisites to audit Windows web servers that are not using secure communication protocols	b2fc8f91-866d-4434-9089-5ebfe38d6fd8
There should be more than one owner assigned to your subscription	09024ccc-0c5f-475e-9457-b7c0d9ed487b
External accounts with owner permissions should be removed from your subscription	f8456c1c-aa66-4dfb-861a-25d127b775c9
Show audit results from Windows VMs configurations in 'Security Settings - Account Policies'	ddb53c61-9db4-41d4-a953-2abff5b66c12
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated	3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4
Internet-facing virtual machines should be protected with network security groups	f6de0be7-9a8a-4b8a-b349-43cf02d22f7c
Transparent Data Encryption on SQL databases should be enabled	17k78e20-9358-41c9-923c-fb736d382a12
External accounts with write permissions should be removed from your subscription	5c607a2e-c700-4744-8254-d77e7c9eb5e4
Vulnerabilities in security configuration on your machines should be remediated	e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15
Adaptive application controls for whitelisting safe applications should be enabled on your machines	47a6b606-51aa-4496-8bb7-64b11cf66adc
Deprecated accounts should be removed from your subscription	6b1cbf55-e8b6-442f-ba4c-7246b6381474
Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies'	e3d95ab7-f47a-49d8-a347-784177b6c94c
Management ports of virtual machines should be protected with just-in-time network access control	b0f33259-77d7-4c9e-aac6-3aabcfae693c
Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords	ec49586f-4939-402d-a29e-6ff502b20592
MFA should be enabled on accounts with read permissions on your subscription	e3576e28-8b17-4677-84c3-db2990658d64
Audit virtual machines without disaster recovery configured	0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56
Show audit results from Windows VMs in which the Administrators group contains any of the specified members	bde62c94-ccca-4821-a815-92c1d31a76de
Deprecated accounts with owner permissions should be removed from your subscription	ebb62a0c-3560-49e1-89ed-27e074e9f8ad
Deploy prerequisites to audit Windows VMs in which the Administrators group contains any of the specified members	144f1397-32f9-4598-8c88-118decc3ccba
Vulnerability assessment should be enabled on your SQL servers	ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9
Azure subscriptions should have a log profile for Activity Log	7796937f-307b-4598-941c-67d3a05ebfe7
Vulnerabilities should be remediated by a Vulnerability Assessment solution	760a85ff-6162-42b3-8d70-698e268f648c
Latest TLS version should be used in your Web App	f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
An Azure Active Directory administrator should be provisioned for SQL servers	1f314764-cb73-4fc9-b863-8eca98ac36e9
Service Fabric clusters should only use Azure Active Directory for client authentication	b54ed75b-3e1a-44ac-a333-05ba39b99ff0
Latest TLS version should be used in your Function App	f9d614c5-c173-4d56-95a7-b4437057d193
Vulnerability assessment should be enabled on SQL Managed Instance	1b7aa243-30e4-4c9e-bca8-d0d3022b634a
Remote debugging should be turned off for Web Applications	cb510bfd-1cba-4d9f-a230-cb0976f4bb71
Advanced data security should be enabled on SQL Managed Instance	abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9
Remote debugging should be turned off for API Apps	e9c8d085-d9cc-4b17-9cdc-059f1f01f19e
System updates on virtual machine scale sets should be installed	c3f317a7-a95c-4547-b7e7-11017ebdf2fe
Show audit results from Windows web servers that are not using secure communication protocols	60ffe3e2-4604-4460-8f22-0f1da058266c
Remote debugging should be turned off for Function Apps	0e60b895-3786-45da-8377-9c6b4b6ac5f9
Azure DDoS Protection Standard should be enabled	a7aca53f-2ed4-4466-a25e-0b45ade68efd
API App should only be accessible over HTTPS	b7ddfbdc-1260-477d-91fd-98bd9be789a6
Monitor missing Endpoint Protection in Azure Security Center	af6cd1bd-1635-48cb-bde7-5b15693900b9
Function App should only be accessible over HTTPS	6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab
Adaptive Network Hardening recommendations should be applied on internet facing virtual machines	08e6af2d-db70-460a-bfe9-d5bd474ba9d6
System updates should be installed on your machines	86b3d65f-7626-441e-b690-81a8b71cff60
Audit Log Analytics workspace for VM - Report Mismatch	f47b5582-33ec-4c5c-87c0-b010a6b2e917
MFA should be enabled on accounts with owner permissions on your subscription	aa633080-8b72-40c4-a2d7-d00c03e80bed
Disk encryption should be applied on virtual machines	0961003e-5a0a-4549-abde-af6a37f2724d
Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports	057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9
Vulnerabilities on your SQL databases should be remediated	feedbf84-6b99-488c-acc2-71c829aa5ffc
Deploy prerequisites to audit Linux VMs that have accounts without passwords	3470477a-b35a-49db-aca5-1073d04524fe
[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted	32133ab0-ee4b-4b44-98d6-042180979d50
MFA should be enabled accounts with write permissions on your subscription	9297c21d-2ed6-4474-b48f-163f75654ce3
Web Application should only be accessible over HTTPS	a4af4a39-4135-47fb-b175-47fbdf85311d
Endpoint protection solution should be installed on virtual machine scale sets	26a828e1-e88f-464e-bbb3-c134a282b9de

Initiative Rule

{
  "properties": {
  "displayName": "[Preview]: Australian Government ISM PROTECTED",
    "policyType": "BuiltIn",
    "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/AustralianGovernmentISM-blueprint.",
    "metadata": {
      "version": "1.0.1-preview",
      "category": "Regulatory Compliance",
      "preview": true
    },
    "parameters": {
      "membersToExclude": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: List of users excluded from Windows VM Administrators group",
          "description": "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"
        }
      },
      "logAnalyticsWorkspaceId": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Log Analytics Workspace Id that VMs should be configured for",
          "description": "This is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured for."
        }
      },
      "vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports",
          "description": "Enable or disable the monitoring of Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "adaptiveNetworkHardeningsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Adaptive Network Hardening recommendations should be applied on internet facing virtual machines",
          "description": "Enable or disable the monitoring of Internet-facing virtual machines for Network Security Group traffic hardening recommendations"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityDesignateMoreThanOneOwnerMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: There should be more than one owner assigned to your subscription",
          "description": "Enable or disable the monitoring of minimum owners in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diskEncryptionMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Disk encryption should be applied on virtual machines",
          "description": "Enable or disable the monitoring for VM disk encryption"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppDisableRemoteDebuggingMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Remote debugging should be turned off for Function App",
          "description": "Enable or disable the monitoring of remote debugging for Function App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlDbEncryptionMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Transparent Data Encryption on SQL databases should be enabled",
          "description": "Enable or disable the monitoring of unencrypted SQL databases"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vulnerabilityAssessmentOnManagedInstanceMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerability assessment should be enabled on SQL Managed Instance",
          "description": "Audit each SQL Managed Instance which doesn't have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "aadAuthenticationInSqlServerMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: An Azure Active Directory administrator should be provisioned for SQL servers",
          "description": "Enable or disable the monitoring of an Azure AD admininistrator for SQL server"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "diagnosticsLogsInRedisCacheMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Only secure connections to your Redis Cache should be enabled",
          "description": "Enable or disable the monitoring of diagnostic logs in Azure Redis Cache"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "vmssEndpointProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Endpoint protection solution should be installed on virtual machine scale sets",
          "description": "Enable or disable the monitoring of virtual machine scale sets endpoint protection monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "listOfImageIdToIncludeWindows": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: Optional: List of VM images that have supported Windows OS to add to scope",
          "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
        },
        "defaultValue": [
          
        ]
      },
      "listOfImageIdToIncludeLinux": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: Optional: List of VM images that have supported Linux OS to add to scope",
          "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
        },
        "defaultValue": [
          
        ]
      },
      "auditUnrestrictedNetworkToStorageAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Audit unrestricted network access to storage accounts",
          "description": "Enable or disable the monitoring of network access to storage account"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "vmssOsVulnerabilitiesMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated",
          "description": "Enable or disable the monitoring of virtual machine scale sets OS vulnerabilities monitoring"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "secureTransferToStorageAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Secure transfer to storage accounts should be enabled",
          "description": "Enable or disable the monitoring of secure transfer to storage account"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "adaptiveApplicationControlsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Adaptive Application Controls should be enabled on virtual machines",
          "description": "Enable or disable the monitoring of allowed application list in Azure Security Center"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityDesignateLessThanOwnersMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: A maximum of 3 owners should be designated for your subscription",
          "description": "Enable or disable the monitoring of maximum owners in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "serverVulnerabilityAssessmentEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview] Vulnerability Assessment should be enabled on Virtual Machines",
          "description": "Enable or disable the detection of VM vulnerabilities by Azure Security Center Vulnerability Assessment"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppRestrictCORSAccessMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: CORS should not allow every resource to access your Web Application",
          "description": "Enable or disable the monitoring of CORS restrictions for Web Application"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveExternalAccountWithWritePermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: External accounts with write permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of external acounts with write permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveDeprecatedAccountMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Deprecated accounts should be removed from your subscription",
          "description": "Enable or disable the monitoring of deprecated acounts in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppEnforceHttpsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Function App should only be accessible over HTTPS v2",
          "description": "Enable or disable the monitoring of the use of HTTPS in Function App v2"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "vulnerabilityAssessmentMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerabilities should be remediated by a Vulnerability Assessment solution",
          "description": "Enable or disable the detection of VM vulnerabilities by a vulnerability assessment solution"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "logProfilesForActivityLogEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Azure subscriptions should have a log profile for Activity Log",
          "description": "Enable or disable the monitoring of a log profile for Activity Log in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "listOfResourceTypes": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: List of resource types that should have diagnostic logs enabled",
          "strongType": "resourceTypes"
        }
      },
      "systemUpdatesMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: System updates should be installed on your machines",
          "description": "Enable or disable the monitoring of system updates reporting"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppRequireLatestTlsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest TLS version should be used for App Service",
          "description": "Enable or disable the monitoring of the latest TLS version in App Service"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityEnableMFAForWritePermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: MFA should be enabled accounts with write permissions on your subscription",
          "description": "Enable or disable the monitoring of MFA for accounts with write permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "anitmalwareRequiredForWindowsServersEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Microsoft IaaSAntimalware extension should be deployed on Windows servers",
          "description": "Enable or disable the monitoring of Windows server VMs without Microsoft IaaSAntimalware extension deployed"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppEnforceHttpsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Web Application should only be accessible over HTTPS v2",
          "description": "Enable or disable the monitoring of the use of HTTPS in Web App v2"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "vnetEnableDDoSProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: DDoS Protection Standard should be enabled",
          "description": "Enable or disable the monitoring of DDoS protection for all virtual networks with a subnet that is part of an application gateway with a public IP."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityEnableMFAForOwnerPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: MFA should be enabled on accounts with owner permissions on your subscription",
          "description": "Enable or disable the monitoring of MFA for accounts with owner permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlServerAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Advanced data security should be enabled on your SQL servers",
          "description": "Enable or disable the monitoring of SQL servers without Advanced Data Security"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlManagedInstanceAdvancedDataSecurityMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Advanced data security should be enabled on SQL Managed Instance",
          "description": "Enable or disable the monitoring of each SQL Managed Instance without advanced data security."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "endpointProtectionMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Monitor missing endpoint protection in Azure Security Center",
          "description": "Enable or disable the monitoring of endpoint protection"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "jitNetworkAccessMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Just-in-time network access control should be applied on virtual machines",
          "description": "Enable or disable the monitoring of network just-in-time access"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "minimumTLSVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Minimum TLS version",
          "description": "The minimum TLS protocol version that should be enabled. Windows web servers with lower TLS versions will be marked as non-compliant."
        },
        "allowedValues": [
          "1.2"
        ],
        "defaultValue": "1.2"
      },
      "aadAuthenticationInServiceFabricMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Service Fabric clusters should only use Azure Active Directory for client authentication",
          "description": "Enable or disable the monitoring of Azure Active Directory for client authentication in Service Fabric"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "apiAppEnforceHttpsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: App Service should only be accessible over HTTPS v2",
          "description": "Enable or disable the monitoring of the use of HTTPS v2 in App Service"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "vmssSystemUpdatesMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: System updates on virtual machine scale sets should be installed",
          "description": "Enable or disable the monitoring of virtual machine scale sets system updates reporting"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppDisableRemoteDebuggingMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Remote debugging should be turned off for Web Application",
          "description": "Enable or disable the monitoring of remote debugging for Web App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "systemConfigurationsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerabilities in security configuration on your machines should be remediated",
          "description": "Enable or disable the monitoring of OS vulnerabilities (based on a configured baseline)"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityEnableMFAForReadPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: MFA should be enabled on accounts with read permissions on your subscription",
          "description": "Enable or disable the monitoring of MFA for accounts with read permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "enforcePasswordHistory": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Enforce password history",
          "description": "Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated."
        },
        "defaultValue": "24"
      },
      "maximumPasswordAge": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Maximum password age",
          "description": "Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range."
        },
        "defaultValue": "1,70"
      },
      "minimumPasswordAge": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Minimum password age",
          "description": "Specifies the minimum number of days that must elapse before a user account password can be changed."
        },
        "defaultValue": "1"
      },
      "minimumPasswordLength": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Minimum password length",
          "description": "Specifies the minimum number of characters that a user account password may contain."
        },
        "defaultValue": "10"
      },
      "passwordMustMeetComplexityRequirements": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Password must meet complexity requirements",
          "description": "Specifies whether a user account password must be complex. If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."
        },
        "allowedValues": [
          "0",
          "1"
        ],
        "defaultValue": "1"
      },
      "containerBenchmarkMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerabilities in container security configurations should be remediated",
          "description": "Enable or disable the monitoring of container benchmark"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "apiAppDisableRemoteDebuggingMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Remote debugging should be turned off for App Service",
          "description": "Enable or disable the monitoring of remote debugging for App Service"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Deprecated accounts with owner permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of deprecated acounts with owner permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "vulnerabilityAssessmentOnServerMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerability assessment should be enabled on your SQL servers",
          "description": "Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "webAppRequireLatestTlsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest TLS version should be used in your Web App",
          "description": "Enable or disable the monitoring of the latest TLS version in Web App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "networkSecurityGroupsOnVirtualMachinesMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Internet-facing virtual machines should be protected with Network Security Groups",
          "description": "Enable or disable the monitoring of NSGs on VMs"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: External accounts with owner permissions should be removed from your subscription",
          "description": "Enable or disable the monitoring of external acounts with owner permissions in subscription"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "functionAppRequireLatestTlsMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest TLS version should be used in your Function App",
          "description": "Enable or disable the monitoring of the latest TLS version in Function App"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "sqlDbVulnerabilityAssesmentMonitoringEffect": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Vulnerabilities on your SQL databases should be remediated",
          "description": "Enable or disable the monitoring of Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities."
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "auditVirtualMachinesWithoutDisasterRecoveryConfigured",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentEmailSettingForReceivingScanReports",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssessmentEmailSettingForReceivingScanReportsEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "adaptiveNetworkHardeningsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
        "parameters": {
          "effect": {
          "value": "[parameters('adaptiveNetworkHardeningsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityDesignateMoreThanOneOwnerMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b",
        "parameters": {
          "effect": {
          "value": "[parameters('identityDesignateMoreThanOneOwnerMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diskEncryptionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
        "parameters": {
          "effect": {
          "value": "[parameters('diskEncryptionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppDisableRemoteDebuggingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppDisableRemoteDebuggingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "deployAdministratorsGroupMembersToExclude",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/144f1397-32f9-4598-8c88-118decc3ccba",
        "parameters": {
          "membersToExclude": {
          "value": "[parameters('membersToExclude')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlDbEncryptionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlDbEncryptionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentOnManagedInstanceMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssessmentOnManagedInstanceMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "aadAuthenticationInSqlServerMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
        "parameters": {
          "effect": {
          "value": "[parameters('aadAuthenticationInSqlServerMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "diagnosticsLogsInRedisCacheMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
        "parameters": {
          "effect": {
          "value": "[parameters('diagnosticsLogsInRedisCacheMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "parameters": {
          "effect": {
          "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "previewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "logAnalyticsOSImageAudit",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50",
        "parameters": {
          "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToIncludeWindows')]"
          },
          "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToIncludeLinux')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "previewDeployVmExtensionToAuditLinuxVmAccountsWithNoPasswords",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "auditUnrestrictedNetworkToStorageAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
        "parameters": {
          "effect": {
          "value": "[parameters('auditUnrestrictedNetworkToStorageAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vmssOsVulnerabilitiesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
        "parameters": {
          "effect": {
          "value": "[parameters('vmssOsVulnerabilitiesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "secureTransferToStorageAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
        "parameters": {
          "effect": {
          "value": "[parameters('secureTransferToStorageAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "adaptiveApplicationControlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
        "parameters": {
          "effect": {
          "value": "[parameters('adaptiveApplicationControlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityDesignateLessThanOwnersMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c",
        "parameters": {
          "effect": {
          "value": "[parameters('identityDesignateLessThanOwnersMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "serverVulnerabilityAssessment",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
        "parameters": {
          "effect": {
          "value": "[parameters('serverVulnerabilityAssessmentEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppRestrictCORSAccessMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppRestrictCORSAccessMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "logAnalyticsOSImageVMSSAudit",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
        "parameters": {
          "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToIncludeWindows')]"
          },
          "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToIncludeLinux')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveExternalAccountWithWritePermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveExternalAccountWithWritePermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "auditThatWindowsWebServersAreUsingsScureCommunicationProtocols",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveDeprecatedAccountMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppEnforceHttpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppEnforceHttpsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssessmentMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "logProfilesForActivityLog",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7",
        "parameters": {
          "effect": {
          "value": "[parameters('logProfilesForActivityLogEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "auditDiagnosticSetting",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
        "parameters": {
          "listOfResourceTypes": {
          "value": "[parameters('listOfResourceTypes')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "systemUpdatesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
        "parameters": {
          "effect": {
          "value": "[parameters('systemUpdatesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppRequireLatestTlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppRequireLatestTlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityEnableMFAForWritePermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3",
        "parameters": {
          "effect": {
          "value": "[parameters('identityEnableMFAForWritePermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "anitmalwareRequiredForWindowsServers",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257",
        "parameters": {
          "effect": {
          "value": "[parameters('anitmalwareRequiredForWindowsServersEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppEnforceHttpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppEnforceHttpsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "vnetEnableDDoSProtectionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd",
        "parameters": {
          "effect": {
          "value": "[parameters('vnetEnableDDoSProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityEnableMFAForOwnerPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed",
        "parameters": {
          "effect": {
          "value": "[parameters('identityEnableMFAForOwnerPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlServerAdvancedDataSecurityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlServerAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlManagedInstanceAdvancedDataSecurityMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlManagedInstanceAdvancedDataSecurityMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "endpointProtectionMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "parameters": {
          "effect": {
          "value": "[parameters('endpointProtectionMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "jitNetworkAccessMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
        "parameters": {
          "effect": {
          "value": "[parameters('jitNetworkAccessMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "deployWindowsTLS",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8",
        "parameters": {
          "minimumTLSVersion": {
          "value": "[parameters('minimumTLSVersion')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "aadAuthenticationInServiceFabricMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
        "parameters": {
          "effect": {
          "value": "[parameters('aadAuthenticationInServiceFabricMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppEnforceHttpsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppEnforceHttpsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "auditThatTheAdministratorsGroupInsideWindowsVMsExcludesTheSpecifiedMembers",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bde62c94-ccca-4821-a815-92c1d31a76de",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "vmssSystemUpdatesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
        "parameters": {
          "effect": {
          "value": "[parameters('vmssSystemUpdatesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "previewAuditLinuxVmAccountsWithNoPasswords",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "webAppDisableRemoteDebuggingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppDisableRemoteDebuggingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "auditAzureBaselineSecuritySettingsAccountPolicies",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "systemConfigurationsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
        "parameters": {
          "effect": {
          "value": "[parameters('systemConfigurationsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityEnableMFAForReadPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64",
        "parameters": {
          "effect": {
          "value": "[parameters('identityEnableMFAForReadPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "deployAzureBaselineSecuritySettingsAccountPolicies",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c",
        "parameters": {
          "enforcePasswordHistory": {
          "value": "[parameters('enforcePasswordHistory')]"
          },
          "maximumPasswordAge": {
          "value": "[parameters('maximumPasswordAge')]"
          },
          "minimumPasswordAge": {
          "value": "[parameters('minimumPasswordAge')]"
          },
          "minimumPasswordLength": {
          "value": "[parameters('minimumPasswordLength')]"
          },
          "passwordMustMeetComplexityRequirements": {
          "value": "[parameters('passwordMustMeetComplexityRequirements')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "containerBenchmarkMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933",
        "parameters": {
          "effect": {
          "value": "[parameters('containerBenchmarkMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "apiAppDisableRemoteDebuggingMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
        "parameters": {
          "effect": {
          "value": "[parameters('apiAppDisableRemoteDebuggingMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "previewDeployVmExtensionToAuditLinuxVmAllowingRemoteConnectionsFromAccountsWithNoPasswords",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592",
        "parameters": {
          
        }
      },
      {
        "policyDefinitionReferenceId": "vulnerabilityAssessmentOnServerMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
        "parameters": {
          "effect": {
          "value": "[parameters('vulnerabilityAssessmentOnServerMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "webAppRequireLatestTlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
        "parameters": {
          "effect": {
          "value": "[parameters('webAppRequireLatestTlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "previewAuditLogAnalyticsWorkspaceForVmReportMismatch",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917",
        "parameters": {
          "logAnalyticsWorkspaceId": {
          "value": "[parameters('logAnalyticsWorkspaceId')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "networkSecurityGroupsOnVirtualMachinesMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
        "parameters": {
          "effect": {
          "value": "[parameters('networkSecurityGroupsOnVirtualMachinesMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "identityRemoveExternalAccountWithOwnerPermissionsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9",
        "parameters": {
          "effect": {
          "value": "[parameters('identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "functionAppRequireLatestTlsMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
        "parameters": {
          "effect": {
          "value": "[parameters('functionAppRequireLatestTlsMonitoringEffect')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "sqlDbVulnerabilityAssesmentMonitoring",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc",
        "parameters": {
          "effect": {
          "value": "[parameters('sqlDbVulnerabilityAssesmentMonitoringEffect')]"
          }
        }
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "27272c0b-c225-4cc3-b8b0-f2534b093077"
}

Azure Policy Initiative

[Preview]: Australian Government ISM PROTECTED

Popular