AzInitiativeAdvertizer

last sync: 2021-Sep-22 19:36:52 UTC

Azure Policy Initiative

[Deprecated]: Azure Security Benchmark v1

Name[Deprecated]: Azure Security Benchmark v1
Azure Portal
Id42a694ed-f65e-42b2-aa9e-8052e9740a92
Version8.0.0-deprecated
details on versioning
CategoryRegulatory Compliance
Microsoft docs
DescriptionThis initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.
TypeBuiltIn
DeprecatedTrue
PreviewFalse
History
Date/Time (UTC ymd) (i) Changes
2021-06-22 14:29:04 remove Policy [Deprecated]: Service Bus should use a virtual network service endpoint (235359c5-7c52-4b82-9055-01c75cf9f60e)
2021-02-09 14:46:37 Description change: 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark v1 recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.' to 'This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.'
2021-01-22 09:14:56 Name change: '[Preview]: Azure Security Benchmark v1' to '[Deprecated]: Azure Security Benchmark v1'
remove Policy [Deprecated]: A security contact phone number should be provided for your subscription (b4d66858-c922-44e3-9566-5cdb7a7be744)
remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)
2021-01-13 16:08:35 Description change: 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark v1 recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.'
Name change: '[Preview]: Azure Security Benchmark' to '[Preview]: Azure Security Benchmark v1'
2020-09-15 14:06:41 remove Policy [Deprecated]: Pod Security Policies should be defined on Kubernetes Services (3abeb944-26af-43ee-b83d-32aaf060fb94)
2020-09-09 11:24:08 add Policy Audit Windows machines on which the Log Analytics agent is not connected as expected (6265018c-d7e2-432f-a75d-094d5f6f4465)
add Policy Audit Windows machines that have the specified members in the Administrators group (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)
add Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
add Policy Audit Windows machines that have extra accounts in the Administrators group (3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain only specified members (cc7cda28-f867-4311-8497-a526129a8d19)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members (b821191b-3a12-44bc-9c38-212138a29ff3)
remove Policy [Deprecated]: Show audit results from Windows VMs on which the Log Analytics agent is not connected as expected (a030a57e-4639-4e8f-ade9-a92f33afe7ee)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected (68511db2-bd02-41c4-ae6b-1900a012968a)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members (93507a81-10a4-4af0-9ee2-34cf25a96e98)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group contains any of the specified members (bde62c94-ccca-4821-a815-92c1d31a76de)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members (144f1397-32f9-4598-8c88-118decc3ccba)
remove Policy [Deprecated]: Show audit results from Windows VMs if the Administrators group doesn't contain all of the specified members (f3b44e5d-1456-475f-9c67-c66c4618e85a)
2020-09-02 14:03:46 remove Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Function App (10c1859c-e1a7-4df3-ab97-a487fa8059f6)
remove Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Web app (843664e0-7563-41ee-a9cb-7522c382d2c4)
remove Policy [Deprecated]: Ensure that Register with Azure Active Directory is enabled on Function App (f0473e7a-a1ba-4e86-afb2-e829e11b01d8)
remove Policy [Deprecated]: Ensure that Register with Azure Active Directory is enabled on API app (86d97760-d216-4d81-a3ad-163087b2b6c3)
remove Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the API app (c2e7ca55-f62c-49b2-89a4-d41eb661d2f0)
remove Policy [Deprecated]: Ensure that 'PHP version' is the latest, if used as a part of the Function app (ab965db2-d2bf-4b64-8b39-c38ec8179461)
remove Policy [Deprecated]: Ensure that Register with Azure Active Directory is enabled on WEB App (aa81768c-cb87-4ce2-bfaa-00baa10d760c)
2020-08-21 13:50:30 add Policy Windows machines should meet requirements for 'Security Options - Network Access' (3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd)
add Policy Windows machines should meet requirements for 'Security Options - Network Security' (1221c620-d201-468c-81e7-2817e6107e84)
add Policy Windows machines should meet requirements for 'Security Options - Microsoft Network Server' (caf2d518-f029-4f6b-833b-d7081702f253)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
add Policy Windows machines should meet requirements for 'Administrative Templates - Network' (67e010c1-640d-438e-a3a5-feaccb533a98)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' (86880e5c-df35-43c5-95ad-7e120635775e)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - Network' (7229bd6a-693d-478a-87f0-1dc1af06f3b8)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Server' (6fe4ef56-7576-4dc4-8e9c-26bad4b087ce)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' (f56a3ab2-89d1-44de-ac0d-2ada5962e22a)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' (36e17963-7202-494a-80c3-f508211c826b)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Security' (5c028d2a-1889-45f6-b821-31f42711ced8)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client' (fcbc55c9-f25a-4e55-a6cb-33acb3be778b)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' (985285b7-b97a-419c-8d48-c88cc934c8d8)
2020-07-01 14:50:07 remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings (bda18df3-5e41-4709-add9-2554ce68c966)
remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings (e756b945-1b1b-480b-8de8-9a0859d5f7ad)
remove Policy [Deprecated]: Email notifications to admins should be enabled in SQL server advanced data security settings (c8343d2f-fdc9-4a97-b76f-fc71d1163bfc)
remove Policy [Deprecated]: Advanced data security settings for SQL server should contain an email address to receive security alerts (9677b740-f641-4f3c-b9c5-466005c85278)
remove Policy [Deprecated]: Email notifications to admins should be enabled in SQL Managed Instance advanced data security settings (aeb23562-188d-47cb-80b8-551f16ef9fff)
remove Policy [Deprecated]: Advanced data security settings for SQL Managed Instance should contain an email address for security alerts (3965c43d-b5f4-482e-b74a-d89ee0e0b3a8)
2020-06-16 14:55:25 Name change: '[Preview]: Audit Azure Security Benchmark recommendations and deploy specific supporting VM Extensions' to '[Preview]: Azure Security Benchmark'
Description change: 'This initiative includes audit and VM Extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/azsecbm.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm.'
2020-06-11 19:46:04 add Policy FTPS only should be required in your API App (9a1b8c48-453a-4044-86c3-d8bfd823e4f5)
add Policy Private endpoint should be enabled for PostgreSQL servers (0564d078-92f5-4f97-8398-b9f58a51f70b)
add Policy FTPS should be required in your Web App (4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b)
add Policy SQL Auditing settings should have Action-Groups configured to capture critical activities (7ff426e2-515f-405a-91c8-4f2333442eb5)
add Policy [Preview]: All Internet traffic should be routed via your deployed Azure Firewall (fc5e4038-4584-4632-8c85-c0448d374b2c)
add Policy Private endpoint should be enabled for MariaDB servers (0a1302fb-a631-4106-9753-f3d494733990)
add Policy SQL servers with auditing to storage account destination should be configured with 90 days retention or higher (89099bee-89e0-4b26-a5f4-165451757743)
add Policy Private endpoint should be enabled for MySQL servers (7595c971-233d-4bcf-bd18-596129188c49)
add Policy FTPS only should be required in your Function App (399b2637-a50f-4f95-96f8-3a145476eb15)
remove Policy Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports (057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9)
remove Policy Security Center standard pricing tier should be selected (a1181c5f-672a-477a-979a-7d58aa086233)
2020-03-03 10:09:24 add Policy Ensure that 'Python version' is the latest, if used as a part of the API app (74c3584d-afae-46f7-a20a-6f8adba71a16)
add Policy Ensure that 'Java version' is the latest, if used as a part of the API app (88999f4c-376a-45c8-bcb3-4058f713cf39)
add Policy Ensure that 'Python version' is the latest, if used as a part of the Web app (7008174a-fd10-4ef0-817e-fc820a951d73)
add Policy Ensure that 'PHP version' is the latest, if used as a part of the API app (1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba)
add Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Web app (843664e0-7563-41ee-a9cb-7522c382d2c4)
add Policy Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version (fb893a29-21bb-418c-a157-e99480ec364c)
add Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the API app (c2e7ca55-f62c-49b2-89a4-d41eb661d2f0)
add Policy Ensure that 'Java version' is the latest, if used as a part of the Function app (9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc)
add Policy Ensure that 'PHP version' is the latest, if used as a part of the WEB app (7261b898-8a84-4db8-9e04-18527132abb3)
add Policy Ensure that 'Java version' is the latest, if used as a part of the Web app (496223c3-ad65-4ecd-878a-bae78737e9ed)
add Policy Ensure that 'Python version' is the latest, if used as a part of the Function app (7238174a-fd10-4ef0-817e-fc820a951d73)
add Policy [Deprecated]: Ensure that 'PHP version' is the latest, if used as a part of the Function app (ab965db2-d2bf-4b64-8b39-c38ec8179461)
add Policy [Deprecated]: Ensure that '.NET Framework' version is the latest, if used as a part of the Function App (10c1859c-e1a7-4df3-ab97-a487fa8059f6)
remove Policy Azure Monitor solution 'Security and Audit' must be deployed (3e596b57-105f-48a6-be97-03e9243bad6e)
remove Policy Microsoft IaaSAntimalware extension should be deployed on Windows servers (9b597639-28e4-48eb-b506-56b05d366257)
2020-02-05 07:51:53 add Initiative 42a694ed-f65e-42b2-aa9e-8052e9740a92
Policy count Total Policies: 133
Builtin Policies: 133
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 Preview
[Preview]: Container Registry should use a virtual network service endpoint c4857be7-912a-4c75-87e6-e30292bcdf78 Network Default: Audit
Allowed: (Audit, Disabled)		 Preview
[Preview]: Sensitive data in your SQL databases should be classified cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 Preview
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Adaptive network hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed: modify GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed: modify GA
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
API App should only be accessible over HTTPS b7ddfbdc-1260-477d-91fd-98bd9be789a6 App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
App Service should use a virtual network service endpoint 2d21331d-a4c2-4def-a9ad-ee4e1e023beb Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit diagnostic setting 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring Fixed: AuditIfNotExists GA
Audit usage of custom RBAC rules a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General Default: Audit
Allowed: (Audit, Disabled)		 GA
Audit Windows machines missing any of specified members in the Administrators group 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Guest Configuration Fixed: auditIfNotExists GA
Audit Windows machines on which the Log Analytics agent is not connected as expected 6265018c-d7e2-432f-a75d-094d5f6f4465 Guest Configuration Fixed: auditIfNotExists GA
Audit Windows machines that have extra accounts in the Administrators group 3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Guest Configuration Fixed: auditIfNotExists GA
Audit Windows machines that have the specified members in the Administrators group 69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Guest Configuration Fixed: auditIfNotExists GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Authorized IP ranges should be defined on Kubernetes Services 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Security Center Default: Audit
Allowed: (Audit, Disabled)		 GA
Auto provisioning of the Log Analytics agent should be enabled on your subscription 475aae12-b88a-4572-8b36-9b712b2b3a17 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure DDoS Protection Standard should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for SQL should be enabled for unprotected Azure SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for SQL should be enabled for unprotected SQL Managed Instances abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' 1a4e592a-6a6e-44a5-9814-e36264ca96e7 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Monitor should collect activity logs from all regions 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
CORS should not allow every resource to access your API App 358c20a6-3f9e-4f0e-97ff-c6ce485e2aac App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
CORS should not allow every resource to access your Function Apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
CORS should not allow every resource to access your Web Applications 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Cosmos DB should use a virtual network service endpoint e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Network Default: Audit
Allowed: (Audit, Disabled)		 GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed: deployIfNotExists GA
Deprecated accounts should be removed from your subscription 6b1cbf55-e8b6-442f-ba4c-7246b6381474 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Diagnostic logs in App Services should be enabled b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Ensure that 'Java version' is the latest, if used as a part of the API app 88999f4c-376a-45c8-bcb3-4058f713cf39 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Java version' is the latest, if used as a part of the Function app 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Java version' is the latest, if used as a part of the Web app 496223c3-ad65-4ecd-878a-bae78737e9ed App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'PHP version' is the latest, if used as a part of the API app 1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'PHP version' is the latest, if used as a part of the WEB app 7261b898-8a84-4db8-9e04-18527132abb3 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Python version' is the latest, if used as a part of the API app 74c3584d-afae-46f7-a20a-6f8adba71a16 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Python version' is the latest, if used as a part of the Function app 7238174a-fd10-4ef0-817e-fc820a951d73 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Python version' is the latest, if used as a part of the Web app 7008174a-fd10-4ef0-817e-fc820a951d73 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On' 5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
Event Hub should use a virtual network service endpoint d63edb4a-c612-454d-b47d-191a724fcbf0 Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
FTPS only should be required in your API App 9a1b8c48-453a-4044-86c3-d8bfd823e4f5 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
FTPS only should be required in your Function App 399b2637-a50f-4f95-96f8-3a145476eb15 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
FTPS should be required in your Web App 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Function App should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0 SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970 SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430 SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Key Vault should use a virtual network service endpoint ea4d6841-2173-4317-9747-ff522a45120f Network Default: Audit
Allowed: (Audit, Disabled)		 GA
Key vaults should have purge protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version fb893a29-21bb-418c-a157-e99480ec364c Security Center Default: Audit
Allowed: (Audit, Disabled)		 GA
Latest TLS version should be used in your API App 8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Latest TLS version should be used in your Function App f9d614c5-c173-4d56-95a7-b4437057d193 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Latest TLS version should be used in your Web App f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Managed identity should be used in your API App c4d441f8-f9d9-4a9e-9cef-e82117cb3eef App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Managed identity should be used in your Function App 0da106f2-4ca3-48e8-bc85-c638fe6aea8f App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Managed identity should be used in your Web App 2b9ad585-36bc-4615-b300-fd4435808332 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
MFA should be enabled accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Microsoft Antimalware for Azure should be configured to automatically update protection signatures c43e4a30-77cb-48ab-a4dd-93f175c63b57 Compute Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Private endpoint should be enabled for MariaDB servers 0a1302fb-a631-4106-9753-f3d494733990 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Private endpoint should be enabled for MySQL servers 7595c971-233d-4bcf-bd18-596129188c49 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Private endpoint should be enabled for PostgreSQL servers 0564d078-92f5-4f97-8398-b9f58a51f70b SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Remote debugging should be turned off for API Apps e9c8d085-d9cc-4b17-9cdc-059f1f01f19e App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Remote debugging should be turned off for Function Apps 0e60b895-3786-45da-8377-9c6b4b6ac5f9 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Remote debugging should be turned off for Web Applications cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb Data Lake Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c Data Lake Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a Event Hub Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Virtual Machine Scale Sets should be enabled 7c1b1214-f927-48bf-8882-84f0af6588b1 Compute Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default: Audit
Allowed: (Audit, Disabled)		 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
SQL Auditing settings should have Action-Groups configured to capture critical activities 7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL managed instances should use customer-managed keys to encrypt data at rest 048248b0-55cd-46da-b1ff-39efd52db260 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL Server should use a virtual network service endpoint ae5d2f14-d830-42b6-9899-df6cfe9c71a3 Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL servers should use customer-managed keys to encrypt data at rest 0d134df8-db83-46fb-ad72-fe0c9428c8dd SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher 89099bee-89e0-4b26-a5f4-165451757743 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Storage Accounts should use a virtual network service endpoint 60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Network Default: Audit
Allowed: (Audit, Disabled)		 GA
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
The Log Analytics agent should be installed on Virtual Machine Scale Sets efbde977-ba53-4479-b8e9-10b957924fbf Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
The Log Analytics agent should be installed on virtual machines a70ca396-0a34-413a-88e1-b956c1e683be Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Unattached disks should be encrypted 2c89a2e5-7285-40fe-afe0-ae8654b92fb2 Compute Default: Audit
Allowed: (Audit, Disabled)		 GA
Virtual machines should be connected to an approved virtual network d416745a-506c-48b6-8ab1-83cb814bcaa3 Network Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Virtual networks should use specified virtual network gateway f1776c76-f58c-4245-a8d0-2b207198dc8b Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerabilities in container security configurations should be remediated e8cbc669-f12d-49eb-93e7-9273119e9933 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Web Application should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
Windows machines should meet requirements for 'Administrative Templates - Network' 67e010c1-640d-438e-a3a5-feaccb533a98 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Windows machines should meet requirements for 'Security Options - Microsoft Network Server' caf2d518-f029-4f6b-833b-d7081702f253 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Windows machines should meet requirements for 'Security Options - Network Access' 3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Windows machines should meet requirements for 'Security Options - Network Security' 1221c620-d201-468c-81e7-2817e6107e84 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
JSON 
{
  "displayName": "[Deprecated]: Azure Security Benchmark v1",
  "policyType": "BuiltIn",
  "description": "This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.",
  "metadata": {
    "version": "8.0.0-deprecated",
    "deprecated": true,
    "category": "Regulatory Compliance"
  },
  "parameters": {
    "IncludeArcMachines": {
      "type": "String",
      "metadata": {
        "displayName": "Include Arc connected servers for Guest Configuration policies",
        "description": "Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine."
      },
      "allowedValues": [
        "true",
        "false"
      ],
      "defaultValue": "false"
    },
    "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": {
      "type": "String",
      "metadata": {
        "displayName": "List of users excluded from Windows VM Administrators group",
        "description": "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"
      }
    },
    "listOfMembersToIncludeInWindowsVMAdministratorsGroup": {
      "type": "String",
      "metadata": {
        "displayName": "List of users that must be included in Windows VM Administrators group",
        "description": "A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"
      }
    },
    "listOfOnlyMembersInWindowsVMAdministratorsGroup": {
      "type": "String",
      "metadata": {
        "displayName": "List of users that Windows VM Administrators group must *only* include",
        "description": "A semicolon-separated list of all the expected members of the Administrators local group. Ex: Administrator; myUser1; myUser2"
      }
    },
    "listOfRegionsWhereNetworkWatcherShouldBeEnabled": {
      "type": "Array",
      "metadata": {
        "displayName": "[Deprecated]: List of regions where Network Watcher should be enabled",
        "description": "To see a complete list of regions use Get-AzLocation",
        "strongType": "location",
        "deprecated": true
      },
      "defaultValue": [
        "australiacentral",
        "australiacentral2",
        "australiaeast",
        "australiasoutheast",
        "brazilsouth",
        "canadacentral",
        "canadaeast",
        "centralindia",
        "centralus",
        "eastasia",
        "eastus",
        "eastus2",
        "francecentral",
        "francesouth",
        "germanynorth",
        "germanywestcentral",
        "global",
        "japaneast",
        "japanwest",
        "koreacentral",
        "koreasouth",
        "northcentralus",
        "northeurope",
        "norwayeast",
        "norwaywest",
        "southafricanorth",
        "southafricawest",
        "southcentralus",
        "southeastasia",
        "southindia",
        "switzerlandnorth",
        "switzerlandwest",
        "uaecentral",
        "uaenorth",
        "uksouth",
        "ukwest",
        "westcentralus",
        "westeurope",
        "westindia",
        "westus",
        "westus2"
      ]
    },
    "NetworkWatcherResourceGroupName": {
      "type": "String",
      "metadata": {
        "displayName": "NetworkWatcher resource group name",
        "description": "Name of the resource group of NetworkWatcher, such as NetworkWatcherRG"
      },
      "defaultValue": "NetworkWatcherRG"
    },
    "approvedVirtualNetworkForVMs": {
      "type": "String",
      "metadata": {
        "displayName": "Virtual network where VMs should be connected",
        "description": "Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name",
        "strongType": "Microsoft.Network/virtualNetworks"
      }
    },
    "approvedNetworkGatewayforVirtualNetworks": {
      "type": "String",
      "metadata": {
        "displayName": "Network gateway that virtual networks should use",
        "description": "Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name",
        "strongType": "Microsoft.Network/virtualNetworkGateways"
      }
    },
    "listOfWorkspaceIDsForLogAnalyticsAgent": {
      "type": "String",
      "metadata": {
        "displayName": "List of workspace IDs where Log Analytics agents should connect",
        "description": "A semicolon-separated list of the workspace IDs that the Log Analytics agent should be connected to"
      }
    },
    "listOfResourceTypesWithDiagnosticLogsEnabled": {
      "type": "Array",
      "metadata": {
        "displayName": "List of resource types that should have resource logs enabled",
        "description": "Audit diagnostic setting for selected resource types"
      },
      "allowedValues": [
        "Microsoft.AnalysisServices/servers",
        "Microsoft.ApiManagement/service",
        "Microsoft.Network/applicationGateways",
        "Microsoft.Automation/automationAccounts",
        "Microsoft.ContainerInstance/containerGroups",
        "Microsoft.ContainerRegistry/registries",
        "Microsoft.ContainerService/managedClusters",
        "Microsoft.Batch/batchAccounts",
        "Microsoft.Cdn/profiles/endpoints",
        "Microsoft.CognitiveServices/accounts",
        "Microsoft.DocumentDB/databaseAccounts",
        "Microsoft.DataFactory/factories",
        "Microsoft.DataLakeAnalytics/accounts",
        "Microsoft.DataLakeStore/accounts",
        "Microsoft.EventGrid/eventSubscriptions",
        "Microsoft.EventGrid/topics",
        "Microsoft.EventHub/namespaces",
        "Microsoft.Network/expressRouteCircuits",
        "Microsoft.Network/azureFirewalls",
        "Microsoft.HDInsight/clusters",
        "Microsoft.Devices/IotHubs",
        "Microsoft.KeyVault/vaults",
        "Microsoft.Network/loadBalancers",
        "Microsoft.Logic/integrationAccounts",
        "Microsoft.Logic/workflows",
        "Microsoft.DBforMySQL/servers",
        "Microsoft.Network/networkInterfaces",
        "Microsoft.Network/networkSecurityGroups",
        "Microsoft.DBforPostgreSQL/servers",
        "Microsoft.PowerBIDedicated/capacities",
        "Microsoft.Network/publicIPAddresses",
        "Microsoft.RecoveryServices/vaults",
        "Microsoft.Cache/redis",
        "Microsoft.Relay/namespaces",
        "Microsoft.Search/searchServices",
        "Microsoft.ServiceBus/namespaces",
        "Microsoft.SignalRService/SignalR",
        "Microsoft.Sql/servers/databases",
        "Microsoft.Sql/servers/elasticPools",
        "Microsoft.StreamAnalytics/streamingjobs",
        "Microsoft.TimeSeriesInsights/environments",
        "Microsoft.Network/trafficManagerProfiles",
        "Microsoft.Compute/virtualMachines",
        "Microsoft.Compute/virtualMachineScaleSets",
        "Microsoft.Network/virtualNetworks",
        "Microsoft.Network/virtualNetworkGateways"
      ],
      "defaultValue": [
        "Microsoft.AnalysisServices/servers",
        "Microsoft.ApiManagement/service",
        "Microsoft.Network/applicationGateways",
        "Microsoft.Automation/automationAccounts",
        "Microsoft.ContainerInstance/containerGroups",
        "Microsoft.ContainerRegistry/registries",
        "Microsoft.ContainerService/managedClusters",
        "Microsoft.Batch/batchAccounts",
        "Microsoft.Cdn/profiles/endpoints",
        "Microsoft.CognitiveServices/accounts",
        "Microsoft.DocumentDB/databaseAccounts",
        "Microsoft.DataFactory/factories",
        "Microsoft.DataLakeAnalytics/accounts",
        "Microsoft.DataLakeStore/accounts",
        "Microsoft.EventGrid/eventSubscriptions",
        "Microsoft.EventGrid/topics",
        "Microsoft.EventHub/namespaces",
        "Microsoft.Network/expressRouteCircuits",
        "Microsoft.Network/azureFirewalls",
        "Microsoft.HDInsight/clusters",
        "Microsoft.Devices/IotHubs",
        "Microsoft.KeyVault/vaults",
        "Microsoft.Network/loadBalancers",
        "Microsoft.Logic/integrationAccounts",
        "Microsoft.Logic/workflows",
        "Microsoft.DBforMySQL/servers",
        "Microsoft.Network/networkInterfaces",
        "Microsoft.Network/networkSecurityGroups",
        "Microsoft.DBforPostgreSQL/servers",
        "Microsoft.PowerBIDedicated/capacities",
        "Microsoft.Network/publicIPAddresses",
        "Microsoft.RecoveryServices/vaults",
        "Microsoft.Cache/redis",
        "Microsoft.Relay/namespaces",
        "Microsoft.Search/searchServices",
        "Microsoft.ServiceBus/namespaces",
        "Microsoft.SignalRService/SignalR",
        "Microsoft.Sql/servers/databases",
        "Microsoft.Sql/servers/elasticPools",
        "Microsoft.StreamAnalytics/streamingjobs",
        "Microsoft.TimeSeriesInsights/environments",
        "Microsoft.Network/trafficManagerProfiles",
        "Microsoft.Compute/virtualMachines",
        "Microsoft.Compute/virtualMachineScaleSets",
        "Microsoft.Network/virtualNetworks",
        "Microsoft.Network/virtualNetworkGateways"
      ]
    },
    "PHPLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "Latest PHP version",
        "description": "Latest supported PHP version for App Services"
      },
      "defaultValue": "7.3"
    },
    "JavaLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "Latest Java version",
        "description": "Latest supported Java version for App Services"
      },
      "defaultValue": "11"
    },
    "WindowsPythonLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Latest Windows Python version",
        "description": "Latest supported Python version for App Services",
        "deprecated": true
      },
      "defaultValue": "3.6"
    },
    "LinuxPythonLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "Latest Linux Python version",
        "description": "Latest supported Python version for App Services"
      },
      "defaultValue": "3.8"
    }
  },
  "policyDefinitions": [
    {
      "policyDefinitionReferenceId": "013e242c-8828-4970-87b3-ab247555486d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_9.1",
        "Azure_Security_Benchmark_v1.0_9.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "048248b0-55cd-46da-b1ff-39efd52db260",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "057ef27e-665e-4328-8ea3-04b3122bd9fb",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "0820b7b9-23aa-4725-a1ce-ae4558f718e5",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1",
        "Azure_Security_Benchmark_v1.0_1.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.1",
        "Azure_Security_Benchmark_v1.0_3.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "0961003e-5a0a-4549-abde-af6a37f2724d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_7.11",
        "Azure_Security_Benchmark_v1.0_9.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "0d134df8-db83-46fb-ad72-fe0c9428c8dd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_7.12"
      ]
    },
    {
      "policyDefinitionReferenceId": "0e246bcf-5f6f-4f87-bc6f-775d4712c7ea",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e246bcf-5f6f-4f87-bc6f-775d4712c7ea",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "0e60b895-3786-45da-8377-9c6b4b6ac5f9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_9.1",
        "Azure_Security_Benchmark_v1.0_9.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "MembersToExclude": {
          "value": "[parameters('listOfMembersToExcludeFromWindowsVMAdministratorsGroup')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "17k78e20-9358-41c9-923c-fb736d382a12",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "1a4e592a-6a6e-44a5-9814-e36264ca96e7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_6.9"
      ]
    },
    {
      "policyDefinitionReferenceId": "1f314764-cb73-4fc9-b863-8eca98ac36e9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.9"
      ]
    },
    {
      "policyDefinitionReferenceId": "22730e10-96f6-4aac-ad84-9383d35b5917",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "22bee202-a82f-4305-9a2a-6d7f44d4dedb",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.8",
        "Azure_Security_Benchmark_v1.0_8.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "2b9ad585-36bc-4615-b300-fd4435808332",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_7.12"
      ]
    },
    {
      "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "34f95f76-5386-4de7-b824-0d8478470c9d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "3657f5a0-770e-44a3-b44e-9431ba1e9735",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "497dff13-db2a-4c0f-8603-28fa3b331ab6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "385f5831-96d4-41db-9a3c-cd3af78aaae6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "1221c620-d201-468c-81e7-2817e6107e84",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "37e0d2fe-28a5-43d6-a273-67d37d1f5606",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_6.9"
      ]
    },
    {
      "policyDefinitionReferenceId": "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.5",
        "Azure_Security_Benchmark_v1.0_7.4",
        "Azure_Security_Benchmark_v1.0_7.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.2",
        "Azure_Security_Benchmark_v1.0_4.9"
      ]
    },
    {
      "policyDefinitionReferenceId": "428256e6-1fac-4f48-a757-df34c2b3336d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.2",
        "Azure_Security_Benchmark_v1.0_2.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_6.8",
        "Azure_Security_Benchmark_v1.0_6.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_9.1",
        "Azure_Security_Benchmark_v1.0_9.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.1",
        "Azure_Security_Benchmark_v1.0_3.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_10.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "501541f7-f7e7-4cd6-868c-4190fdad3ac9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "5bb220d9-2698-4ee4-8404-b9c30c9df609",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "5c607a2e-c700-4744-8254-d77e7c9eb5e4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "617c02be-7f02-4efd-8836-3180d47b6c68",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.8"
      ]
    },
    {
      "policyDefinitionReferenceId": "6265018c-d7e2-432f-a75d-094d5f6f4465",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6265018c-d7e2-432f-a75d-094d5f6f4465",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "WorkspaceId": {
          "value": "[parameters('listOfWorkspaceIDsForLogAnalyticsAgent')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.2",
        "Azure_Security_Benchmark_v1.0_2.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "6b1cbf55-e8b6-442f-ba4c-7246b6381474",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "7c1b1214-f927-48bf-8882-84f0af6588b1",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "7f89b1eb-583c-429a-8828-af049802c1d9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
      "parameters": {
        "listOfResourceTypes": {
          "value": "[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "82339799-d096-41ae-8538-b108becf0970",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_9.1",
        "Azure_Security_Benchmark_v1.0_9.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "83a214f7-d01a-484b-91a9-ed54470c9a6a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "caf2d518-f029-4f6b-833b-d7081702f253",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "86b3d65f-7626-441e-b690-81a8b71cff60",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "9297c21d-2ed6-4474-b48f-163f75654ce3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "MembersToInclude": {
          "value": "[parameters('listOfMembersToIncludeInWindowsVMAdministratorsGroup')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "67e010c1-640d-438e-a3a5-feaccb533a98",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.6"
      ]
    },
    {
      "policyDefinitionReferenceId": "a4af4a39-4135-47fb-b175-47fbdf85311d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "a70ca396-0a34-413a-88e1-b956c1e683be",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.2",
        "Azure_Security_Benchmark_v1.0_2.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "a7aca53f-2ed4-4466-a25e-0b45ade68efd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "aa633080-8b72-40c4-a2d7-d00c03e80bed",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.7",
        "Azure_Security_Benchmark_v1.0_4.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.7",
        "Azure_Security_Benchmark_v1.0_4.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.6"
      ]
    },
    {
      "policyDefinitionReferenceId": "ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.8",
        "Azure_Security_Benchmark_v1.0_8.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1",
        "Azure_Security_Benchmark_v1.0_1.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "b4330a05-a843-4bc8-bf9a-cacce50c67f4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.9"
      ]
    },
    {
      "policyDefinitionReferenceId": "b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
      "parameters": {
        "resourceGroupName": {
          "value": "[parameters('NetworkWatcherResourceGroupName')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.2",
        "Azure_Security_Benchmark_v1.0_1.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "b7ddfbdc-1260-477d-91fd-98bd9be789a6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "Members": {
          "value": "[parameters('listOfOnlyMembersInWindowsVMAdministratorsGroup')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "bd352bd5-2853-4985-bf0d-73806b4a5744",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "c43e4a30-77cb-48ab-a4dd-93f175c63b57",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.8",
        "Azure_Security_Benchmark_v1.0_8.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "c4857be7-912a-4c75-87e6-e30292bcdf78",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_7.12"
      ]
    },
    {
      "policyDefinitionReferenceId": "c95c74d9-38fe-4f0d-af86-0c7d626a315c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cc9835f2-9f6b-4cc8-ab4a-f8ef615eb349",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.1",
        "Azure_Security_Benchmark_v1.0_4.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "cf820ca0-f99e-4f3e-84fb-66e913812d21",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "d38fc420-0735-4ef3-ac11-c806f651a570",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_9.1",
        "Azure_Security_Benchmark_v1.0_9.2"
      ]
    },
    {
      "policyDefinitionReferenceId": "d416745a-506c-48b6-8ab1-83cb814bcaa3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3",
      "parameters": {
        "virtualNetworkId": {
          "value": "[parameters('approvedVirtualNetworkForVMs')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "d63edb4a-c612-454d-b47d-191a724fcbf0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.5",
        "Azure_Security_Benchmark_v1.0_7.4",
        "Azure_Security_Benchmark_v1.0_7.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "e3576e28-8b17-4677-84c3-db2990658d64",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "e71308d3-144b-4262-b144-efdc3cc90517",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.5",
        "Azure_Security_Benchmark_v1.0_7.4",
        "Azure_Security_Benchmark_v1.0_7.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "ea4d6841-2173-4317-9747-ff522a45120f",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.1",
        "Azure_Security_Benchmark_v1.0_3.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "efbde977-ba53-4479-b8e9-10b957924fbf",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.2",
        "Azure_Security_Benchmark_v1.0_2.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "f1776c76-f58c-4245-a8d0-2b207198dc8b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b",
      "parameters": {
        "virtualNetworkGatewayId": {
          "value": "[parameters('approvedNetworkGatewayforVirtualNetworks')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.11"
      ]
    },
    {
      "policyDefinitionReferenceId": "f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "f8456c1c-aa66-4dfb-861a-25d127b775c9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_3.1",
        "Azure_Security_Benchmark_v1.0_3.10"
      ]
    },
    {
      "policyDefinitionReferenceId": "f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "f9be5368-9bf5-4b84-9e0a-7850da98bb46",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "f9d614c5-c173-4d56-95a7-b4437057d193",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "feedbf84-6b99-488c-acc2-71c829aa5ffc",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
      "parameters": {
        "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "7261b898-8a84-4db8-9e04-18527132abb3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3",
      "parameters": {
        "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "496223c3-ad65-4ecd-878a-bae78737e9ed",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed",
      "parameters": {
        "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
      "parameters": {
        "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "88999f4c-376a-45c8-bcb3-4058f713cf39",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39",
      "parameters": {
        "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "7008174a-fd10-4ef0-817e-fc820a951d73",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73",
      "parameters": {
        "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "7238174a-fd10-4ef0-817e-fc820a951d73",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73",
      "parameters": {
        "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "74c3584d-afae-46f7-a20a-6f8adba71a16",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16",
      "parameters": {
        "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
        }
      },
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "fb893a29-21bb-418c-a157-e99480ec364c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_5.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "0564d078-92f5-4f97-8398-b9f58a51f70b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "0a1302fb-a631-4106-9753-f3d494733990",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "7595c971-233d-4bcf-bd18-596129188c49",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7595c971-233d-4bcf-bd18-596129188c49",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1"
      ]
    },
    {
      "policyDefinitionReferenceId": "fc5e4038-4584-4632-8c85-c0448d374b2c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_1.1",
        "Azure_Security_Benchmark_v1.0_1.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "7ff426e2-515f-405a-91c8-4f2333442eb5",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.3"
      ]
    },
    {
      "policyDefinitionReferenceId": "89099bee-89e0-4b26-a5f4-165451757743",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_2.5"
      ]
    },
    {
      "policyDefinitionReferenceId": "399b2637-a50f-4f95-96f8-3a145476eb15",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    },
    {
      "policyDefinitionReferenceId": "9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
      "parameters": {},
      "groupNames": [
        "Azure_Security_Benchmark_v1.0_4.4"
      ]
    }
  ],
  "policyDefinitionGroups": [
    {
      "name": "Azure_Security_Benchmark_v1.0_1.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.7",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.7"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.8",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.8"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.9",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.9"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.10",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.10"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_1.11",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_1.11"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.7",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.7"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.8",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.8"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.9",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.9"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_2.10",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_2.10"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.7",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.7"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.8",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.8"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.9",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.9"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.10",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.10"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.11",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.11"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.12",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.12"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_3.13",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_3.13"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.7",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.7"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.8",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.8"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_4.9",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_4.9"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_5.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_5.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_5.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_5.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_5.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_5.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.7",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.7"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.8",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.8"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.9",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.9"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.10",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.10"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.11",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.11"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.12",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.12"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_6.13",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_6.13"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.7",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.7"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.8",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.8"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.9",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.9"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.10",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.10"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.11",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.11"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.12",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.12"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_7.13",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_7.13"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_8.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_8.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_8.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_8.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_9.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_9.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_9.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.3"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_9.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_9.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_10.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_10.2",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.2"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_10.4",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.4"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_10.5",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.5"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_10.6",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.6"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_11.1",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_11.1"
    },
    {
      "name": "Azure_Security_Benchmark_v1.0_10.3",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/Azure_Security_Benchmark_v1.0_10.3"
    }
  ]
}