last sync: 2020-Sep-25 13:37:27 UTC

Azure Policy Initiative

[Preview]: Azure Security Benchmark

Initiative DisplayName [Preview]: Azure Security Benchmark
Initiative Id 42a694ed-f65e-42b2-aa9e-8052e9740a92
Initiative Category Regulatory Compliance
Initiative Description This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) (i) Change(s)
2020-09-15 14:06:41 remove Policy [Preview]: Pod Security Policies should be defined on Kubernetes Services (3abeb944-26af-43ee-b83d-32aaf060fb94)
2020-09-09 11:24:08 add Policy Audit Windows machines that have extra accounts in the Administrators group (3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)
add Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
add Policy Audit Windows machines that have the specified members in the Administrators group (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members (b821191b-3a12-44bc-9c38-212138a29ff3)
add Policy Audit Windows machines on which the Log Analytics agent is not connected as expected (6265018c-d7e2-432f-a75d-094d5f6f4465)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members (144f1397-32f9-4598-8c88-118decc3ccba)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members (bde62c94-ccca-4821-a815-92c1d31a76de)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members (93507a81-10a4-4af0-9ee2-34cf25a96e98)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain all of the specified members (f3b44e5d-1456-475f-9c67-c66c4618e85a)
remove Policy [Deprecated]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected (a030a57e-4639-4e8f-ade9-a92f33afe7ee)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected (68511db2-bd02-41c4-ae6b-1900a012968a)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain only specified members (cc7cda28-f867-4311-8497-a526129a8d19)
2020-09-02 14:03:46 remove Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the API app (c2e7ca55-f62c-49b2-89a4-d41eb661d2f0)
remove Policy [Deprecated]: Ensure that 'PHP version' is the latest, if used as a part of the Function app (ab965db2-d2bf-4b64-8b39-c38ec8179461)
remove Policy [Deprecated]: Ensure that Register with Azure Active Directory is enabled on Function App (f0473e7a-a1ba-4e86-afb2-e829e11b01d8)
remove Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Function App (10c1859c-e1a7-4df3-ab97-a487fa8059f6)
remove Policy [Deprecated]: Ensure that Register with Azure Active Directory is enabled on API app (86d97760-d216-4d81-a3ad-163087b2b6c3)
remove Policy [Deprecated]: Ensure that Register with Azure Active Directory is enabled on WEB App (aa81768c-cb87-4ce2-bfaa-00baa10d760c)
remove Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Web app (843664e0-7563-41ee-a9cb-7522c382d2c4)
2020-08-21 13:50:30 remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' (f56a3ab2-89d1-44de-ac0d-2ada5962e22a)
add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Server' (6fe4ef56-7576-4dc4-8e9c-26bad4b087ce)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' (985285b7-b97a-419c-8d48-c88cc934c8d8)
add Policy Windows machines should meet requirements for 'Security Options - Microsoft Network Server' (caf2d518-f029-4f6b-833b-d7081702f253)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Security' (5c028d2a-1889-45f6-b821-31f42711ced8)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client' (fcbc55c9-f25a-4e55-a6cb-33acb3be778b)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' (86880e5c-df35-43c5-95ad-7e120635775e)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' (36e17963-7202-494a-80c3-f508211c826b)
add Policy Windows machines should meet requirements for 'Administrative Templates - Network' (67e010c1-640d-438e-a3a5-feaccb533a98)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - Network' (7229bd6a-693d-478a-87f0-1dc1af06f3b8)
add Policy Windows machines should meet requirements for 'Security Options - Network Access' (3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
add Policy Windows machines should meet requirements for 'Security Options - Network Security' (1221c620-d201-468c-81e7-2817e6107e84)
2020-07-01 14:50:07 remove Policy [Deprecated]: Advanced data security settings for SQL server should contain an email address to receive security alerts (9677b740-f641-4f3c-b9c5-466005c85278)
remove Policy [Deprecated]: Email notifications to admins should be enabled in SQL server advanced data security settings (c8343d2f-fdc9-4a97-b76f-fc71d1163bfc)
remove Policy [Deprecated]: Email notifications to admins should be enabled in SQL Managed Instance advanced data security settings (aeb23562-188d-47cb-80b8-551f16ef9fff)
remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings (bda18df3-5e41-4709-add9-2554ce68c966)
remove Policy [Deprecated]: Advanced data security settings for SQL Managed Instance should contain an email address for security alerts (3965c43d-b5f4-482e-b74a-d89ee0e0b3a8)
remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings (e756b945-1b1b-480b-8de8-9a0859d5f7ad)
2020-06-16 14:55:25 change Description Description change: 'This initiative includes audit and VM Extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/azsecbm.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.'
change DisplayName Name change: '[Preview]: Audit Azure Security Benchmark recommendations and deploy specific supporting VM Extensions' to '[Preview]: Azure Security Benchmark'
2020-06-11 19:46:04 add Policy FTPS only should be required in your Function App (399b2637-a50f-4f95-96f8-3a145476eb15)
add Policy Private endpoint should be enabled for MySQL servers (7595c971-233d-4bcf-bd18-596129188c49)
remove Policy Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports (057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9)
add Policy Private endpoint should be enabled for MariaDB servers (0a1302fb-a631-4106-9753-f3d494733990)
add Policy Private endpoint should be enabled for PostgreSQL servers (0564d078-92f5-4f97-8398-b9f58a51f70b)
remove Policy Security Center standard pricing tier should be selected (a1181c5f-672a-477a-979a-7d58aa086233)
add Policy SQL servers should be configured with auditing retention days greater than 90 days. (89099bee-89e0-4b26-a5f4-165451757743)
add Policy [Preview]: All Internet traffic should be routed via your deployed Azure Firewall (fc5e4038-4584-4632-8c85-c0448d374b2c)
add Policy SQL Auditing settings should have Action-Groups configured to capture critical activities (7ff426e2-515f-405a-91c8-4f2333442eb5)
add Policy FTPS should be required in your Web App (4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b)
add Policy FTPS only should be required in your API App (9a1b8c48-453a-4044-86c3-d8bfd823e4f5)
2020-03-03 10:09:24 add Policy Ensure that 'Java version' is the latest, if used as a part of the Api app (88999f4c-376a-45c8-bcb3-4058f713cf39)
add Policy Ensure that 'Python version' is the latest, if used as a part of the Web app (7008174a-fd10-4ef0-817e-fc820a951d73)
remove Policy Microsoft IaaSAntimalware extension should be deployed on Windows servers (9b597639-28e4-48eb-b506-56b05d366257)
add Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Function App (10c1859c-e1a7-4df3-ab97-a487fa8059f6)
add Policy Ensure that 'Python version' is the latest, if used as a part of the Function app (7238174a-fd10-4ef0-817e-fc820a951d73)
add Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Web app (843664e0-7563-41ee-a9cb-7522c382d2c4)
add Policy Ensure that 'PHP version' is the latest, if used as a part of the Api app (1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba)
remove Policy Azure Monitor solution 'Security and Audit' must be deployed (3e596b57-105f-48a6-be97-03e9243bad6e)
add Policy [Deprecated]: Ensure that 'PHP version' is the latest, if used as a part of the Function app (ab965db2-d2bf-4b64-8b39-c38ec8179461)
add Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the API app (c2e7ca55-f62c-49b2-89a4-d41eb661d2f0)
add Policy Ensure that 'Java version' is the latest, if used as a part of the Function app (9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc)
add Policy Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version (fb893a29-21bb-418c-a157-e99480ec364c)
add Policy Ensure that 'PHP version' is the latest, if used as a part of the WEB app (7261b898-8a84-4db8-9e04-18527132abb3)
add Policy Ensure that 'Java version' is the latest, if used as a part of the Web app (496223c3-ad65-4ecd-878a-bae78737e9ed)
add Policy Ensure that 'Python version' is the latest, if used as a part of the Api app (74c3584d-afae-46f7-a20a-6f8adba71a16)
2020-02-05 07:51:53 add Initiative 42a694ed-f65e-42b2-aa9e-8052e9740a92
Initiative Policies count Total Policies: 136
Builtin Policies: 136/136
Static Policies: 0/136
Initiative Policies
Policy DisplayName Policy Id
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970
Advanced data security should be enabled on SQL Managed Instance abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9
Ensure that 'PHP version' is the latest, if used as a part of the WEB app 7261b898-8a84-4db8-9e04-18527132abb3
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9
Managed identity should be used in your Function App 0da106f2-4ca3-48e8-bc85-c638fe6aea8f
A security contact email address should be provided for your subscription 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7
Vulnerabilities should be remediated by a Vulnerability Assessment solution 760a85ff-6162-42b3-8d70-698e268f648c
Diagnostic logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c
Diagnostic logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21
The Log Analytics agent should be installed on Virtual Machine Scale Sets efbde977-ba53-4479-b8e9-10b957924fbf
Diagnostic logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12
Private endpoint should be enabled for PostgreSQL servers 0564d078-92f5-4f97-8398-b9f58a51f70b
Remote debugging should be turned off for Function Apps 0e60b895-3786-45da-8377-9c6b4b6ac5f9
Remote debugging should be turned off for API Apps e9c8d085-d9cc-4b17-9cdc-059f1f01f19e
Latest TLS version should be used in your API App 8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e
Diagnostic logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457
Azure Monitor should collect activity logs from all regions 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af
Audit Windows machines missing any of specified members in the Administrators group 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6
Private endpoint should be enabled for MariaDB servers 0a1302fb-a631-4106-9753-f3d494733990
CORS should not allow every resource to access your Function Apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c
Managed identity should be used in your API App c4d441f8-f9d9-4a9e-9cef-e82117cb3eef
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9
Azure DDoS Protection Standard should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9
App Service should use a virtual network service endpoint 2d21331d-a4c2-4def-a9ad-ee4e1e023beb
Ensure that 'Python version' is the latest, if used as a part of the Web app 7008174a-fd10-4ef0-817e-fc820a951d73
Private endpoint should be enabled for MySQL servers 7595c971-233d-4bcf-bd18-596129188c49
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e
Diagnostic logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4
Audit usage of custom RBAC rules a451c1ef-c6ca-483d-87ed-f49761e3ffb5
Storage Accounts should use a virtual network service endpoint 60d21c4f-21a3-4d94-85f4-b924e6aeeda4
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c
Ensure that 'Java version' is the latest, if used as a part of the Function app 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc
FTPS should be required in your Web App 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b
Audit diagnostic setting 7f89b1eb-583c-429a-8828-af049802c1d9
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430
Audit Windows machines on which the Log Analytics agent is not connected as expected 6265018c-d7e2-432f-a75d-094d5f6f4465
Diagnostic logs in App Services should be enabled b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0
Audit Windows machines that have extra accounts in the Administrators group 3d2a3320-2a72-4c67-ac5f-caa40fbee2b2
Disk encryption should be applied on virtual machines 0961003e-5a0a-4549-abde-af6a37f2724d
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517
Diagnostic logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d
Vulnerabilities on your SQL databases should be remediated feedbf84-6b99-488c-acc2-71c829aa5ffc
Ensure that 'Python version' is the latest, if used as a part of the Api app 74c3584d-afae-46f7-a20a-6f8adba71a16
Diagnostic logs in Virtual Machine Scale Sets should be enabled 7c1b1214-f927-48bf-8882-84f0af6588b1
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60
Diagnostic logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46
Virtual machines should be connected to an approved virtual network d416745a-506c-48b6-8ab1-83cb814bcaa3
Diagnostic logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d
Service Bus should use a virtual network service endpoint 235359c5-7c52-4b82-9055-01c75cf9f60e
Remote debugging should be turned off for Web Applications cb510bfd-1cba-4d9f-a230-cb0976f4bb71
Ensure that 'PHP version' is the latest, if used as a part of the Api app 1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba
Adaptive Network Hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6
Latest TLS version should be used in your Web App f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4
Function App should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9
Windows machines should meet requirements for 'Administrative Templates - Network' 67e010c1-640d-438e-a3a5-feaccb533a98
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917
Diagnostic logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb
Deprecated accounts should be removed from your subscription 6b1cbf55-e8b6-442f-ba4c-7246b6381474
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version fb893a29-21bb-418c-a157-e99480ec364c
SQL Auditing settings should have Action-Groups configured to capture critical activities 7ff426e2-515f-405a-91c8-4f2333442eb5
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9
MFA should be enabled accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3
Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On' 5bb220d9-2698-4ee4-8404-b9c30c9df609
Advanced data security should be enabled on your SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9
Ensure that 'Java version' is the latest, if used as a part of the Web app 496223c3-ad65-4ecd-878a-bae78737e9ed
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc
Key Vault should use a virtual network service endpoint ea4d6841-2173-4317-9747-ff522a45120f
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c
The Log Analytics agent should be installed on virtual machines a70ca396-0a34-413a-88e1-b956c1e683be
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c
SQL Managed Instance TDE protector should be encrypted with your own key 048248b0-55cd-46da-b1ff-39efd52db260
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe
Ensure that 'Java version' is the latest, if used as a part of the Api app 88999f4c-376a-45c8-bcb3-4058f713cf39
Windows machines should meet requirements for 'Security Options - Network Access' 3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606
Vulnerabilities in container security configurations should be remediated e8cbc669-f12d-49eb-93e7-9273119e9933
Managed identity should be used in your Web App 2b9ad585-36bc-4615-b300-fd4435808332
Automatic provisioning of the Log Analytics monitoring agent should be enabled on your subscription 475aae12-b88a-4572-8b36-9b712b2b3a17
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735
FTPS only should be required in your API App 9a1b8c48-453a-4044-86c3-d8bfd823e4f5
Audit Windows machines that have the specified members in the Administrators group 69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f
[Preview]: Container Registry should use a virtual network service endpoint c4857be7-912a-4c75-87e6-e30292bcdf78
Microsoft Antimalware for Azure should be configured to automatically update protection signatures c43e4a30-77cb-48ab-a4dd-93f175c63b57
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' 1a4e592a-6a6e-44a5-9814-e36264ca96e7
Diagnostic logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45
SQL servers should be configured with auditing retention days greater than 90 days. 89099bee-89e0-4b26-a5f4-165451757743
[Preview]: Sensitive data in your SQL databases should be classified cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349
Unattached disks should be encrypted 2c89a2e5-7285-40fe-afe0-ae8654b92fb2
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9
API App should only be accessible over HTTPS b7ddfbdc-1260-477d-91fd-98bd9be789a6
A security contact phone number should be provided for your subscription b4d66858-c922-44e3-9566-5cdb7a7be744
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b
Cosmos DB should use a virtual network service endpoint e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d
Key Vault objects should be recoverable 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53
Virtual networks should use specified virtual network gateway f1776c76-f58c-4245-a8d0-2b207198dc8b
Ensure that 'Python version' is the latest, if used as a part of the Function app 7238174a-fd10-4ef0-817e-fc820a951d73
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a
Web Application should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60
SQL Server should use a virtual network service endpoint ae5d2f14-d830-42b6-9899-df6cfe9c71a3
Windows machines should meet requirements for 'Security Options - Network Security' 1221c620-d201-468c-81e7-2817e6107e84
FTPS only should be required in your Function App 399b2637-a50f-4f95-96f8-3a145476eb15
Authorized IP ranges should be defined on Kubernetes Services 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6
Latest TLS version should be used in your Function App f9d614c5-c173-4d56-95a7-b4437057d193
CORS should not allow every resource to access your API App 358c20a6-3f9e-4f0e-97ff-c6ce485e2aac
SQL server TDE protector should be encrypted with your own key 0d134df8-db83-46fb-ad72-fe0c9428c8dd
Event Hub should use a virtual network service endpoint d63edb4a-c612-454d-b47d-191a724fcbf0
Windows machines should meet requirements for 'Security Options - Microsoft Network Server' caf2d518-f029-4f6b-833b-d7081702f253
CORS should not allow every resource to access your Web Applications 5744710e-cc2f-4ee8-8809-3b11e89f4bc9
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed
Initiative Rule
{
  "properties": {
  "displayName": "[Preview]: Azure Security Benchmark",
    "policyType": "BuiltIn",
    "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.",
    "metadata": {
      "version": "6.0.0-preview",
      "preview": true,
      "category": "Regulatory Compliance"
    },
    "parameters": {
      "IncludeArcMachines": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Include Arc connected servers for Guest Configuration policies",
          "description": "Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."
        },
        "allowedValues": [
          "true",
          "false"
        ],
        "defaultValue": "false"
      },
      "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: List of users excluded from Windows VM Administrators group",
          "description": "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"
        }
      },
      "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: List of users that must be included in Windows VM Administrators group",
          "description": "A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"
        }
      },
      "listOfOnlyMembersInWindowsVMAdministratorsGroup": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: List of users that Windows VM Administrators group must *only* include",
          "description": "A semicolon-separated list of all the expected members of the Administrators local group. Ex: Administrator; myUser1; myUser2"
        }
      },
      "listOfRegionsWhereNetworkWatcherShouldBeEnabled": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: List of regions where Network Watcher should be enabled",
          "description": "To see a complete list of regions use Get-AzLocation",
          "strongType": "location"
        },
        "defaultValue": [
          "australiacentral",
          "australiacentral2",
          "australiaeast",
          "australiasoutheast",
          "brazilsouth",
          "canadacentral",
          "canadaeast",
          "centralindia",
          "centralus",
          "eastasia",
          "eastus",
          "eastus2",
          "francecentral",
          "francesouth",
          "germanynorth",
          "germanywestcentral",
          "global",
          "japaneast",
          "japanwest",
          "koreacentral",
          "koreasouth",
          "northcentralus",
          "northeurope",
          "norwayeast",
          "norwaywest",
          "southafricanorth",
          "southafricawest",
          "southcentralus",
          "southeastasia",
          "southindia",
          "switzerlandnorth",
          "switzerlandwest",
          "uaecentral",
          "uaenorth",
          "uksouth",
          "ukwest",
          "westcentralus",
          "westeurope",
          "westindia",
          "westus",
          "westus2"
        ]
      },
      "approvedVirtualNetworkForVMs": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Virtual network where VMs should be connected",
          "description": "Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name",
          "strongType": "Microsoft.Network/virtualNetworks"
        }
      },
      "approvedNetworkGatewayforVirtualNetworks": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Network gateway that virtual networks should use",
          "description": "Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name",
          "strongType": "Microsoft.Network/virtualNetworkGateways"
        }
      },
      "listOfWorkspaceIDsForLogAnalyticsAgent": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: List of workspace IDs where Log Analytics agents should connect",
          "description": "A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"
        }
      },
      "listOfResourceTypesWithDiagnosticLogsEnabled": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: List of resource types that should have diagnostic logs enabled",
          "description": "Audit diagnostic setting for selected resource types"
        },
        "allowedValues": [
          "Microsoft.AnalysisServices/servers",
          "Microsoft.ApiManagement/service",
          "Microsoft.Network/applicationGateways",
          "Microsoft.Automation/automationAccounts",
          "Microsoft.ContainerInstance/containerGroups",
          "Microsoft.ContainerRegistry/registries",
          "Microsoft.ContainerService/managedClusters",
          "Microsoft.Batch/batchAccounts",
          "Microsoft.Cdn/profiles/endpoints",
          "Microsoft.CognitiveServices/accounts",
          "Microsoft.DocumentDB/databaseAccounts",
          "Microsoft.DataFactory/factories",
          "Microsoft.DataLakeAnalytics/accounts",
          "Microsoft.DataLakeStore/accounts",
          "Microsoft.EventGrid/eventSubscriptions",
          "Microsoft.EventGrid/topics",
          "Microsoft.EventHub/namespaces",
          "Microsoft.Network/expressRouteCircuits",
          "Microsoft.Network/azureFirewalls",
          "Microsoft.HDInsight/clusters",
          "Microsoft.Devices/IotHubs",
          "Microsoft.KeyVault/vaults",
          "Microsoft.Network/loadBalancers",
          "Microsoft.Logic/integrationAccounts",
          "Microsoft.Logic/workflows",
          "Microsoft.DBforMySQL/servers",
          "Microsoft.Network/networkInterfaces",
          "Microsoft.Network/networkSecurityGroups",
          "Microsoft.DBforPostgreSQL/servers",
          "Microsoft.PowerBIDedicated/capacities",
          "Microsoft.Network/publicIPAddresses",
          "Microsoft.RecoveryServices/vaults",
          "Microsoft.Cache/redis",
          "Microsoft.Relay/namespaces",
          "Microsoft.Search/searchServices",
          "Microsoft.ServiceBus/namespaces",
          "Microsoft.SignalRService/SignalR",
          "Microsoft.Sql/servers/databases",
          "Microsoft.Sql/servers/elasticPools",
          "Microsoft.StreamAnalytics/streamingjobs",
          "Microsoft.TimeSeriesInsights/environments",
          "Microsoft.Network/trafficManagerProfiles",
          "Microsoft.Compute/virtualMachines",
          "Microsoft.Compute/virtualMachineScaleSets",
          "Microsoft.Network/virtualNetworks",
          "Microsoft.Network/virtualNetworkGateways"
        ],
        "defaultValue": [
          "Microsoft.AnalysisServices/servers",
          "Microsoft.ApiManagement/service",
          "Microsoft.Network/applicationGateways",
          "Microsoft.Automation/automationAccounts",
          "Microsoft.ContainerInstance/containerGroups",
          "Microsoft.ContainerRegistry/registries",
          "Microsoft.ContainerService/managedClusters",
          "Microsoft.Batch/batchAccounts",
          "Microsoft.Cdn/profiles/endpoints",
          "Microsoft.CognitiveServices/accounts",
          "Microsoft.DocumentDB/databaseAccounts",
          "Microsoft.DataFactory/factories",
          "Microsoft.DataLakeAnalytics/accounts",
          "Microsoft.DataLakeStore/accounts",
          "Microsoft.EventGrid/eventSubscriptions",
          "Microsoft.EventGrid/topics",
          "Microsoft.EventHub/namespaces",
          "Microsoft.Network/expressRouteCircuits",
          "Microsoft.Network/azureFirewalls",
          "Microsoft.HDInsight/clusters",
          "Microsoft.Devices/IotHubs",
          "Microsoft.KeyVault/vaults",
          "Microsoft.Network/loadBalancers",
          "Microsoft.Logic/integrationAccounts",
          "Microsoft.Logic/workflows",
          "Microsoft.DBforMySQL/servers",
          "Microsoft.Network/networkInterfaces",
          "Microsoft.Network/networkSecurityGroups",
          "Microsoft.DBforPostgreSQL/servers",
          "Microsoft.PowerBIDedicated/capacities",
          "Microsoft.Network/publicIPAddresses",
          "Microsoft.RecoveryServices/vaults",
          "Microsoft.Cache/redis",
          "Microsoft.Relay/namespaces",
          "Microsoft.Search/searchServices",
          "Microsoft.ServiceBus/namespaces",
          "Microsoft.SignalRService/SignalR",
          "Microsoft.Sql/servers/databases",
          "Microsoft.Sql/servers/elasticPools",
          "Microsoft.StreamAnalytics/streamingjobs",
          "Microsoft.TimeSeriesInsights/environments",
          "Microsoft.Network/trafficManagerProfiles",
          "Microsoft.Compute/virtualMachines",
          "Microsoft.Compute/virtualMachineScaleSets",
          "Microsoft.Network/virtualNetworks",
          "Microsoft.Network/virtualNetworkGateways"
        ]
      },
      "PHPLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest PHP version",
          "description": "Latest supported PHP version for App Services"
        },
        "defaultValue": "7.3"
      },
      "JavaLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest Java version",
          "description": "Latest supported Java version for App Services"
        },
        "defaultValue": "11"
      },
      "WindowsPythonLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest Windows Python version",
          "description": "Latest supported Python version for App Services"
        },
        "defaultValue": "3.6"
      },
      "LinuxPythonLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest Linux Python version",
          "description": "Latest supported Python version for App Services"
        },
        "defaultValue": "3.8"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "013e242c-8828-4970-87b3-ab247555486d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_9.1",
          "Azure_Security_Benchmark_v1.0_9.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "048248b0-55cd-46da-b1ff-39efd52db260",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "057ef27e-665e-4328-8ea3-04b3122bd9fb",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "0820b7b9-23aa-4725-a1ce-ae4558f718e5",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1",
          "Azure_Security_Benchmark_v1.0_1.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.1",
          "Azure_Security_Benchmark_v1.0_3.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "0961003e-5a0a-4549-abde-af6a37f2724d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_7.11",
          "Azure_Security_Benchmark_v1.0_9.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "0d134df8-db83-46fb-ad72-fe0c9428c8dd",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_7.12"
        ]
      },
      {
        "policyDefinitionReferenceId": "0e246bcf-5f6f-4f87-bc6f-775d4712c7ea",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "0e60b895-3786-45da-8377-9c6b4b6ac5f9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_9.1",
          "Azure_Security_Benchmark_v1.0_9.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          },
          "MembersToExclude": {
          "value": "[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "17k78e20-9358-41c9-923c-fb736d382a12",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "1a4e592a-6a6e-44a5-9814-e36264ca96e7",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_6.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "1f314764-cb73-4fc9-b863-8eca98ac36e9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "22730e10-96f6-4aac-ad84-9383d35b5917",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "22bee202-a82f-4305-9a2a-6d7f44d4dedb",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "235359c5-7c52-4b82-9055-01c75cf9f60e",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/235359c5-7c52-4b82-9055-01c75cf9f60e",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.8",
          "Azure_Security_Benchmark_v1.0_8.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "2b9ad585-36bc-4615-b300-fd4435808332",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_7.12"
        ]
      },
      {
        "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "34f95f76-5386-4de7-b824-0d8478470c9d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "3657f5a0-770e-44a3-b44e-9431ba1e9735",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "497dff13-db2a-4c0f-8603-28fa3b331ab6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "385f5831-96d4-41db-9a3c-cd3af78aaae6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "1221c620-d201-468c-81e7-2817e6107e84",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "37e0d2fe-28a5-43d6-a273-67d37d1f5606",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_6.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.5",
          "Azure_Security_Benchmark_v1.0_7.4",
          "Azure_Security_Benchmark_v1.0_7.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.2",
          "Azure_Security_Benchmark_v1.0_4.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "428256e6-1fac-4f48-a757-df34c2b3336d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.2",
          "Azure_Security_Benchmark_v1.0_2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_6.8",
          "Azure_Security_Benchmark_v1.0_6.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_9.1",
          "Azure_Security_Benchmark_v1.0_9.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.1",
          "Azure_Security_Benchmark_v1.0_3.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_10.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "501541f7-f7e7-4cd6-868c-4190fdad3ac9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "5bb220d9-2698-4ee4-8404-b9c30c9df609",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "5c607a2e-c700-4744-8254-d77e7c9eb5e4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "617c02be-7f02-4efd-8836-3180d47b6c68",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "6265018c-d7e2-432f-a75d-094d5f6f4465",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          },
          "WorkspaceId": {
          "value": "[parameters('listOfWorkspaceIDsForLogAnalyticsAgent')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.2",
          "Azure_Security_Benchmark_v1.0_2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "6b1cbf55-e8b6-442f-ba4c-7246b6381474",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "760a85ff-6162-42b3-8d70-698e268f648c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "7c1b1214-f927-48bf-8882-84f0af6588b1",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "7f89b1eb-583c-429a-8828-af049802c1d9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
        "parameters": {
          "listOfResourceTypes": {
          "value": "[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "82339799-d096-41ae-8538-b108becf0970",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_9.1",
          "Azure_Security_Benchmark_v1.0_9.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "83a214f7-d01a-484b-91a9-ed54470c9a6a",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "caf2d518-f029-4f6b-833b-d7081702f253",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "86b3d65f-7626-441e-b690-81a8b71cff60",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "9297c21d-2ed6-4474-b48f-163f75654ce3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          },
          "MembersToInclude": {
          "value": "[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "67e010c1-640d-438e-a3a5-feaccb533a98",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "a4af4a39-4135-47fb-b175-47fbdf85311d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "a70ca396-0a34-413a-88e1-b956c1e683be",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.2",
          "Azure_Security_Benchmark_v1.0_2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "a7aca53f-2ed4-4466-a25e-0b45ade68efd",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "aa633080-8b72-40c4-a2d7-d00c03e80bed",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.7",
          "Azure_Security_Benchmark_v1.0_4.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.7",
          "Azure_Security_Benchmark_v1.0_4.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.8",
          "Azure_Security_Benchmark_v1.0_8.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1",
          "Azure_Security_Benchmark_v1.0_1.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "b4330a05-a843-4bc8-bf9a-cacce50c67f4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "b4d66858-c922-44e3-9566-5cdb7a7be744",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4d66858-c922-44e3-9566-5cdb7a7be744",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_10.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
        "parameters": {
          "listOfLocations": {
          "value": "[parameters('listOfRegionsWhereNetworkWatcherShouldBeEnabled')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.2",
          "Azure_Security_Benchmark_v1.0_1.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "b7ddfbdc-1260-477d-91fd-98bd9be789a6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          },
          "Members": {
          "value": "[parameters('listOfOnlyMembersInWindowsVMAdministratorsGroup')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "bd352bd5-2853-4985-bf0d-73806b4a5744",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "c43e4a30-77cb-48ab-a4dd-93f175c63b57",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.8",
          "Azure_Security_Benchmark_v1.0_8.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "c4857be7-912a-4c75-87e6-e30292bcdf78",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_7.12"
        ]
      },
      {
        "policyDefinitionReferenceId": "c95c74d9-38fe-4f0d-af86-0c7d626a315c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.1",
          "Azure_Security_Benchmark_v1.0_4.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "cf820ca0-f99e-4f3e-84fb-66e913812d21",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "d38fc420-0735-4ef3-ac11-c806f651a570",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_9.1",
          "Azure_Security_Benchmark_v1.0_9.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "d416745a-506c-48b6-8ab1-83cb814bcaa3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3",
        "parameters": {
          "virtualNetworkId": {
          "value": "[parameters('approvedVirtualNetworkForVMs')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "d63edb4a-c612-454d-b47d-191a724fcbf0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.5",
          "Azure_Security_Benchmark_v1.0_7.4",
          "Azure_Security_Benchmark_v1.0_7.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "e3576e28-8b17-4677-84c3-db2990658d64",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "e71308d3-144b-4262-b144-efdc3cc90517",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.5",
          "Azure_Security_Benchmark_v1.0_7.4",
          "Azure_Security_Benchmark_v1.0_7.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "ea4d6841-2173-4317-9747-ff522a45120f",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.1",
          "Azure_Security_Benchmark_v1.0_3.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "efbde977-ba53-4479-b8e9-10b957924fbf",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.2",
          "Azure_Security_Benchmark_v1.0_2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "f1776c76-f58c-4245-a8d0-2b207198dc8b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b",
        "parameters": {
          "virtualNetworkGatewayId": {
          "value": "[parameters('approvedNetworkGatewayforVirtualNetworks')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
        "parameters": {
          "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "f8456c1c-aa66-4dfb-861a-25d127b775c9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_3.1",
          "Azure_Security_Benchmark_v1.0_3.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f9be5368-9bf5-4b84-9e0a-7850da98bb46",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f9d614c5-c173-4d56-95a7-b4437057d193",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "feedbf84-6b99-488c-acc2-71c829aa5ffc",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
        "parameters": {
          "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "7261b898-8a84-4db8-9e04-18527132abb3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3",
        "parameters": {
          "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "496223c3-ad65-4ecd-878a-bae78737e9ed",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed",
        "parameters": {
          "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
        "parameters": {
          "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "88999f4c-376a-45c8-bcb3-4058f713cf39",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39",
        "parameters": {
          "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "7008174a-fd10-4ef0-817e-fc820a951d73",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73",
        "parameters": {
          "WindowsPythonLatestVersion": {
          "value": "[parameters('WindowsPythonLatestVersion')]"
          },
          "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "7238174a-fd10-4ef0-817e-fc820a951d73",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73",
        "parameters": {
          "WindowsPythonLatestVersion": {
          "value": "[parameters('WindowsPythonLatestVersion')]"
          },
          "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "74c3584d-afae-46f7-a20a-6f8adba71a16",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16",
        "parameters": {
          "WindowsPythonLatestVersion": {
          "value": "[parameters('WindowsPythonLatestVersion')]"
          },
          "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
          }
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "fb893a29-21bb-418c-a157-e99480ec364c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "0564d078-92f5-4f97-8398-b9f58a51f70b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "0a1302fb-a631-4106-9753-f3d494733990",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "7595c971-233d-4bcf-bd18-596129188c49",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "fc5e4038-4584-4632-8c85-c0448d374b2c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_1.1",
          "Azure_Security_Benchmark_v1.0_1.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "7ff426e2-515f-405a-91c8-4f2333442eb5",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "89099bee-89e0-4b26-a5f4-165451757743",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_2.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "399b2637-a50f-4f95-96f8-3a145476eb15",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
        "parameters": {
          
        },
        "groupNames": [
          "Azure_Security_Benchmark_v1.0_4.4"
        ]
      }
    ],
    "policyDefinitionGroups": [
      {
        "name": "Azure_Security_Benchmark_v1.0_1.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_1.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_2.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.12",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_3.13",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_4.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_5.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_5.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_5.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_5.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_5.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.12",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_6.13",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.12",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_7.13",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_8.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_8.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_8.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_9.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_9.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_9.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_9.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_10.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_10.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_10.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_10.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_10.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_11.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"
      },
      {
        "name": "Azure_Security_Benchmark_v1.0_10.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "42a694ed-f65e-42b2-aa9e-8052e9740a92"
}