AzInitiativeAdvertizer

last sync: 2025-Oct-31 18:22:44 UTC

SWIFT CSP-CSCF v2020

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameSWIFT CSP-CSCF v2020
Id3e0c67fc-8c7c-406c-89bd-6b6bdc986a22
Version6.6.1
Details on versioning
Versioning Versions supported for Versioning: 7
6.6.1
6.6.0-preview
6.5.0-preview
6.4.0-preview
6.3.0-preview
6.2.0-preview
6.1.0-preview
Built-in Versioning [Preview]
CategoryRegulatory Compliance
Microsoft Learn
DescriptionThis initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2020-init.
Cloud environmentsAzureCloud = true
AzureChinaCloud = unknown
AzureUSGovernment = unknown
Available in AzUSGovUnknown, no evidence if PolicySet definition is/not available in AzureUSGovernment
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 48
Builtin Policies: 48
Static Policies: 0
GA: 48
12 categories:
App Service: 4
Automation: 1
Cache: 1
Compute: 2
General: 1
Guest Configuration: 17
Monitoring: 2
Security Center: 11
Service Fabric: 1
SQL: 4
Storage: 3
Stream Analytics: 1
Policy-used
Policy DisplayName Policy Id Category Version Versioning Effect Roles# Roles State policy in AzUSGov
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center 3.0.0 1x
3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration 4.1.0 2x
4.1.0, 4.0.0		 Fixed
modify		 1 Contributor GA true
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration 4.1.0 2x
4.1.0, 4.0.0		 Fixed
modify		 1 Contributor GA true
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center 3.0.0 1x
3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL 1.0.0 1x
1.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
App Service apps should have remote debugging turned off cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service 2.0.0 1x
2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
App Service apps should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service 4.0.0 1x
4.0.0		 Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA true
Audit diagnostic setting for selected resource types 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring 2.0.1 1x
2.0.1		 Fixed
AuditIfNotExists		 0 GA true
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit usage of custom RBAC roles a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General 1.0.1 1x
1.0.1		 Default
Audit
Allowed
Audit, Disabled		 0 GA true
Audit VMs that do not use managed disks 06a78e20-9358-41c9-923c-fb736d382a4d Compute 1.0.0 1x
1.0.0		 Fixed
audit		 0 GA true
Audit Windows machines missing any of specified members in the Administrators group 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Guest Configuration 2.0.0 1x
2.0.0		 Fixed
auditIfNotExists		 0 GA true
Audit Windows machines on which the Log Analytics agent is not connected as expected 6265018c-d7e2-432f-a75d-094d5f6f4465 Guest Configuration 2.0.0 1x
2.0.0		 Fixed
auditIfNotExists		 0 GA true
Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration 2.1.0 1x
2.1.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Windows machines that are not joined to the specified domain 84662df4-0e37-44a6-9ce1-c9d2150db18c Guest Configuration 2.0.0 1x
2.0.0		 Fixed
auditIfNotExists		 0 GA true
Audit Windows machines that do not have the maximum password age set to specified number of days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration 2.1.0 1x
2.1.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Windows machines that do not have the minimum password age set to specified number of days 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration 2.1.0 1x
2.1.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration 2.0.0 1x
2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Windows machines that do not restrict the minimum password length to specified number of characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration 2.1.0 1x
2.1.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration 2.0.0 1x
2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL 2.0.0 1x
2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation 1.1.0 1x
1.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Azure DDoS Protection should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd Security Center 3.0.1 2x
3.0.1, 3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Azure Defender for SQL should be enabled for unprotected Azure SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL 2.0.1 1x
2.0.1		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Blocked accounts with owner permissions on Azure resources should be removed 0cfea604-3201-4e14-88fc-fae4c427a6c5 Security Center 1.0.0 1x
1.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Blocked accounts with read and write permissions on Azure resources should be removed 8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Security Center 1.0.0 1x
1.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Monitoring 2.1.0 2x
2.1.0, 2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration 3.2.0 3x
3.2.0, 3.1.0, 3.0.0		 Fixed
deployIfNotExists		 1 Contributor GA true
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration 1.3.0 2x
1.3.0, 1.2.0		 Fixed
deployIfNotExists		 1 Contributor GA true
Function apps should have remote debugging turned off 0e60b895-3786-45da-8377-9c6b4b6ac5f9 App Service 2.1.0 2x
2.1.0, 2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Function apps should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service 5.1.0 2x
5.1.0, 5.0.0		 Default
Audit
Allowed
Audit, Disabled, Deny		 0 GA true
Guest accounts with owner permissions on Azure resources should be removed 339353f6-2387-4a45-abe4-7f529d121046 Security Center 1.0.0 1x
1.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Guest accounts with read permissions on Azure resources should be removed e9ac8f8e-ce22-4355-8f04-99b911d6be52 Security Center 1.0.0 1x
1.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Guest accounts with write permissions on Azure resources should be removed 94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Security Center 1.0.0 1x
1.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center 3.0.0 1x
3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics 5.0.0 1x
5.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage 2.0.0 1x
2.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric 1.1.0 1x
1.1.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center 4.1.0 1x
4.1.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage 1.1.1 1x
1.1.1		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center 3.0.0 1x
3.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL 2.0.0 1x
2.0.0		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute 1.0.0 1x
1.0.0		 Default
Audit
Allowed
Audit, Deny, Disabled		 0 GA true
Windows machines should be configured to use secure communication protocols 5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Guest Configuration 4.1.1 1x
4.1.1		 Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled		 0 GA true
Roles used Total Roles usage: 4
Total Roles unique usage: 1
Role Role Id #Policies Policies
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 4 Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
History
Date/Time (UTC ymd) (i) Changes
2025-09-17 17:22:43 Version change: '6.6.0-preview' to '6.6.1'
Name change: '[Preview]: SWIFT CSP-CSCF v2020' to 'SWIFT CSP-CSCF v2020'
2025-03-12 18:29:00 Version change: '6.5.0-preview' to '6.6.0-preview'
remove Policy [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated (e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15)
2025-01-28 19:35:17 Version change: '6.4.0-preview' to '6.5.0-preview'
remove Policy [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled (e3e008c3-56b9-4133-8fd7-d3347377402a)
remove Policy [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled (81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4)
remove Policy [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled (931e118d-50a1-4457-a5e4-78550e086c52)
2024-10-15 17:53:51 Version change: '6.3.0-preview' to '6.4.0-preview'
remove Policy [Deprecated]: System updates should be installed on your machines (86b3d65f-7626-441e-b690-81a8b71cff60)
remove Policy [Deprecated]: System updates on virtual machine scale sets should be installed (c3f317a7-a95c-4547-b7e7-11017ebdf2fe)
2024-09-05 17:48:45 Version change: '6.2.0-preview' to '6.3.0-preview'
remove Policy [Deprecated]: Adaptive network hardening recommendations should be applied on internet facing virtual machines (08e6af2d-db70-460a-bfe9-d5bd474ba9d6)
remove Policy [Deprecated]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated (3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4)
remove Policy [Deprecated]: Adaptive application controls for defining safe applications should be enabled on your machines (47a6b606-51aa-4496-8bb7-64b11cf66adc)
2024-08-29 17:47:54 Version change: '6.1.0-preview' to '6.2.0-preview'
remove Policy [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets (26a828e1-e88f-464e-bbb3-c134a282b9de)
remove Policy [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center (af6cd1bd-1635-48cb-bde7-5b15693900b9)
2023-05-04 17:45:12 add Policy Blocked accounts with read and write permissions on Azure resources should be removed (8d7e1fde-fe26-4b5f-8108-f8e432cbc2be)
add Policy Blocked accounts with owner permissions on Azure resources should be removed (0cfea604-3201-4e14-88fc-fae4c427a6c5)
add Policy [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled (931e118d-50a1-4457-a5e4-78550e086c52)
add Policy Guest accounts with write permissions on Azure resources should be removed (94e1c2ac-cbbe-4cac-a2b5-389c812dee87)
add Policy [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled (e3e008c3-56b9-4133-8fd7-d3347377402a)
add Policy [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled (81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4)
add Policy Guest accounts with owner permissions on Azure resources should be removed (339353f6-2387-4a45-abe4-7f529d121046)
add Policy Guest accounts with read permissions on Azure resources should be removed (e9ac8f8e-ce22-4355-8f04-99b911d6be52)
Version change: '6.0.0-preview' to '6.1.0-preview'
remove Policy [Deprecated]: Deprecated accounts with owner permissions should be removed from your subscription (ebb62a0c-3560-49e1-89ed-27e074e9f8ad)
remove Policy [Deprecated]: External accounts with write permissions should be removed from your subscription (5c607a2e-c700-4744-8254-d77e7c9eb5e4)
remove Policy [Deprecated]: Deprecated accounts should be removed from your subscription (6b1cbf55-e8b6-442f-ba4c-7246b6381474)
remove Policy [Deprecated]: External accounts with read permissions should be removed from your subscription (5f76cf89-fbf2-47fd-a3f4-b891fa780b60)
remove Policy [Deprecated]: MFA should be enabled on accounts with read permissions on your subscription (e3576e28-8b17-4677-84c3-db2990658d64)
remove Policy [Deprecated]: External accounts with owner permissions should be removed from your subscription (f8456c1c-aa66-4dfb-861a-25d127b775c9)
remove Policy [Deprecated]: MFA should be enabled on accounts with owner permissions on your subscription (aa633080-8b72-40c4-a2d7-d00c03e80bed)
remove Policy [Deprecated]: MFA should be enabled for accounts with write permissions on your subscription (9297c21d-2ed6-4474-b48f-163f75654ce3)
2022-07-07 16:32:14 Version change: '5.0.0-preview' to '6.0.0-preview'
remove Policy [Deprecated]: Remote debugging should be turned off for API Apps (e9c8d085-d9cc-4b17-9cdc-059f1f01f19e)
2022-06-10 16:31:22 Version change: '3.1.1-preview' to '5.0.0-preview'
remove Policy [Deprecated]: API App should only be accessible over HTTPS (b7ddfbdc-1260-477d-91fd-98bd9be789a6)
2022-04-07 17:18:35 Version change: '3.1.0-preview' to '3.1.1-preview'
2022-04-01 20:29:13 Description change: 'This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2020-init.'
2020-09-09 11:24:08 add Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
add Policy Audit Linux machines that have accounts without passwords (f6ec09a3-78bf-4f8f-99dc-6c77182d0f99)
add Policy Audit Windows machines that are not joined to the specified domain (84662df4-0e37-44a6-9ce1-c9d2150db18c)
add Policy Audit Windows machines that do not store passwords using reversible encryption (da0f98fe-a24b-4ad5-af69-bd0400233661)
add Policy Audit Linux machines that allow remote connections from accounts without passwords (ea53dbee-c6c9-4f0e-9f9e-de0039b78023)
add Policy Audit Windows machines that do not restrict the minimum password length to specified number of characters (a2d0e922-65d0-40c4-8f87-ea6da2d307a2)
add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
add Policy Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords (5b054a0d-39e2-4d53-bea3-9734cad2c69b)
add Policy Audit Windows machines that do not have the maximum password age set to specified number of days (4ceb8dc2-559c-478b-a15b-733fbf1e3738)
add Policy Audit Linux machines that do not have the passwd file permissions set to 0644 (e6955644-301c-44b5-a4c4-528577de6861)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
add Policy Windows machines should be configured to use secure communication protocols (5752e6d6-1206-46d8-8ab1-ecc2f71a8112)
add Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da)
add Policy Audit Windows machines that do not have the minimum password age set to specified number of days (237b38db-ca4d-4259-9e47-7882441ca2c0)
add Policy Audit Windows machines that do not have the password complexity setting enabled (bf16e0bb-31e1-4646-8202-60a235cc7e74)
add Policy Audit Windows machines on which the Log Analytics agent is not connected as expected (6265018c-d7e2-432f-a75d-094d5f6f4465)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that have accounts without passwords (3470477a-b35a-49db-aca5-1073d04524fe)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords (ec49586f-4939-402d-a29e-6ff502b20592)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have a maximum password age of 70 days (24dde96d-f0b1-425e-884f-4a1421e2dcdc)
remove Policy [Deprecated]: Show audit results from Linux VMs that have accounts without passwords (c40c9087-1981-4e73-9f53-39743eda9d05)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled (7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows web servers that are not using secure communication protocols (b2fc8f91-866d-4434-9089-5ebfe38d6fd8)
remove Policy [Deprecated]: Show audit results from Windows VMs that are not joined to the specified domain (a29ee95c-0395-4515-9851-cc04ffe82a91)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters (5aebc8d1-020d-4037-89a0-02043a7524ec)
remove Policy [Deprecated]: Show audit results from Linux VMs that allow remote connections from accounts without passwords (2d67222d-05fd-4526-a171-2ee132ad9e83)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days (356a906e-05e5-4625-8729-90771e0ee934)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not store passwords using reversible encryption (2d60d3b7-aa10-454c-88a8-de39d99d17c6)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that are not joined to the specified domain (315c850a-272d-4502-8935-b79010405970)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords (726671ac-c4de-4908-8c7d-6043ae62e3b6)
remove Policy [Deprecated]: Show audit results from Windows VMs that allow re-use of the previous 24 passwords (cdbf72d9-ac9c-4026-8a3a-491a5ac59293)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day (16390df4-2f73-4b42-af13-c801066763df)
remove Policy [Deprecated]: Show audit results from Linux VMs that do not have the passwd file permissions set to 0644 (b18175dd-c599-4c64-83ba-bb018a06d35b)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters (23020aa6-1135-4be2-bae2-149982b06eca)
remove Policy [Deprecated]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected (a030a57e-4639-4e8f-ade9-a92f33afe7ee)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption (8ff0b18b-262e-4512-857a-48ad0aeb9a78)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have a minimum password age of 1 day (5aa11bbc-5c76-4302-80e5-aba46a4282e7)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected (68511db2-bd02-41c4-ae6b-1900a012968a)
remove Policy [Deprecated]: Show audit results from Windows web servers that are not using secure communication protocols (60ffe3e2-4604-4460-8f22-0f1da058266c)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members (93507a81-10a4-4af0-9ee2-34cf25a96e98)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 (f19aa1c1-6b91-4c27-ae6a-970279f03db9)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain all of the specified members (f3b44e5d-1456-475f-9c67-c66c4618e85a)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not have the password complexity setting enabled (f48b2913-1dc5-4834-8c72-ccc1dfd819bb)
2020-07-01 14:50:07 remove Policy [Deprecated]: Advanced data security settings for SQL server should contain an email address to receive security alerts (9677b740-f641-4f3c-b9c5-466005c85278)
2020-06-16 14:55:25 Name change: '[Preview]: Audit SWIFT CSP-CSCF v2020 controls and deploy specific VM Extensions to support audit requirements' to '[Preview]: SWIFT CSP-CSCF v2020'
Description change: 'This initiative includes audit and VM Extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/SWIFT-blueprint.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift-blueprint.'
JSON compare
compare mode: version left: version right:
JSON
api-version=2023-04-01
EPAC