FBI Criminal Justice Information Services (CJIS) v5.9.5

Azure BuiltIn Policy Initiative (PolicySet)

Policy types

Policy states

Policy categories

Total Policies: 216
Builtin Policies: 216
Static Policies: 0

GA: 202
Preview: 14

37 categories:

API for FHIR: 2
API Management: 2
App Configuration: 2
App Platform: 1
App Service: 10
Automation: 1
Azure Ai Services: 1
Azure Data Explorer: 2
Azure Update Manager: 1
Backup: 1
Batch: 2
Cache: 2
Cognitive Services: 1
Compute: 6
Container Instance: 2
Container Registry: 1
Cosmos DB: 3
Data Lake: 2
Event Hub: 4
General: 1
Guest Configuration: 23
Internet of Things: 2
Key Vault: 13
Kubernetes: 11
Logic Apps: 1
Machine Learning: 5
Monitoring: 15
Network: 14
Regulatory Compliance: 2
Security Center: 38
Service Bus: 2
SignalR: 1
Site Recovery: 1
SQL: 27
Storage: 9
Stream Analytics: 2
Synapse: 3

Rows: 1-10 / 216

Records:

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Page of 22

Policy DisplayName

Policy Id

Category

Version

Versioning

Effect

Roles#

Roles

State

policy in AzUSGov

[Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed

8dfab9c4-fe7b-49ad-85e4-1e9be085358f

Kubernetes

6.0.0-preview

1x
6.0.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled

fa498b91-8a7e-4710-9578-da944c68d1fe

SQL

1.0.0-preview

1x
1.0.0-preview

Default
Audit
Allowed
Audit, Disabled

Preview

true

[Preview]: Azure Recovery Services vaults should use private link for backup

deeddb44-9f94-4903-9fa0-081d524406e3

Backup

2.0.0-preview

1x
2.0.0-preview

Default
Audit
Allowed
Audit, Disabled

Preview

unknown

[Preview]: Container Registry should use a virtual network service endpoint

c4857be7-912a-4c75-87e6-e30292bcdf78

Network

1.0.0-preview

1x
1.0.0-preview

Default
Audit
Allowed
Audit, Disabled

Preview

true

[Preview]: Guest Attestation extension should be installed on supported Linux virtual machines

672fe5a1-2fcd-42d7-b85d-902b6e28c6ff

Security Center

6.0.0-preview

1x
6.0.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets

a21f8c92-9e22-4f09-b759-50500d1d2dda

Security Center

5.1.0-preview

1x
5.1.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines

1cb4d9c2-f88f-4069-bee0-dba239a57b09

Security Center

4.0.0-preview

1x
4.0.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets

f655e522-adff-494d-95c2-52d4f6d56a42

Security Center

3.1.0-preview

1x
3.1.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK)

47031206-ce96-41f8-861b-6a915f3de284

Internet of Things

1.0.0-preview

1x
1.0.0-preview

Default
Audit
Allowed
Audit, Deny, Disabled

Preview

true

[Preview]: Linux virtual machines should use only signed and trusted boot components

13a6c84f-49a5-410a-b5df-5b880c3fe009

Security Center

1.0.0-preview

1x
1.0.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

unknown

Date/Time (UTC ymd) (i)

Changes

2025-08-20 17:22:35

Version change: '1.5.0' to '1.6.0'
remove Policy [Deprecated]: API Management minimum API version should be set to 2019-12-01 or higher (549814b6-3212-4203-bdc8-1548d342fb67)

2025-08-13 17:22:31

Version change: '1.4.0' to '1.5.0'
remove Policy Virtual machines should be connected to an approved virtual network (d416745a-506c-48b6-8ab1-83cb814bcaa3)
remove Policy Audit Windows machines that have the specified members in the Administrators group (69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)
remove Policy Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption (d461a302-a187-421a-89ac-84acdb4edc04)
remove Policy Audit Windows machines that do not contain the specified certificates in Trusted Root (934345e1-4dfb-4c70-90d7-41990dc9608b)
remove Policy Audit diagnostic setting for selected resource types (7f89b1eb-583c-429a-8828-af049802c1d9)
remove Policy Virtual networks should use specified virtual network gateway (f1776c76-f58c-4245-a8d0-2b207198dc8b)
remove Policy Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet (77e8b146-0078-4fb2-b002-e112381199f0)
remove Policy Audit Windows machines missing any of specified members in the Administrators group (30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)
remove Policy Only approved VM extensions should be installed (c0e996f8-39cf-4af9-9f45-83fbde810432)
remove Policy Audit Windows machines that don't have the specified applications installed (ebb67efd-3c46-49b0-adfe-5599eb944998)

2025-08-07 17:22:55

Version change: '1.3.0' to '1.4.0'
remove Policy Deploy default Microsoft IaaSAntimalware extension for Windows Server (2835b622-407b-4114-9198-6f7064cbe0dc)
remove Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da)
remove Policy Gateway subnets should not be configured with a network security group (35f9c03a-cc27-418e-9c0c-539ff999d010)
remove Policy Deploy network watcher when virtual networks are created (a9b99dd8-06c5-4317-8629-9d86a3c6e7d9)

2025-06-09 17:23:47

Version change: '1.2.0' to '1.3.0'
remove Policy [Deprecated]: Log Analytics Extension should be enabled for listed virtual machine images (32133ab0-ee4b-4b44-98d6-042180979d50)
remove Policy [Deprecated]: Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images (5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138)
remove Policy [Deprecated]: Virtual machines should be connected to a specified workspace (f47b5582-33ec-4c5c-87c0-b010a6b2e917)

2025-05-09 17:29:42

Version change: '1.1.0' to '1.2.0'
remove Policy [Deprecated]: Virtual machines should have the Log Analytics extension installed (a70ca396-0a34-413a-88e1-b956c1e683be)

2025-04-24 19:52:16

Version change: '1.0.0' to '1.1.0'
remove Policy [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated (e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15)

2025-01-30 19:27:00

add Initiative 4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721

{

displayName: "FBI Criminal Justice Information Services (CJIS) v5.9.5",
policyType: "BuiltIn",
description: "Standards by the FBI to secure criminal justice information, covering data access, transmission, and storage.",
metadata: {2 items
- version: "1.6.0",
- category: "Regulatory Compliance"
},
version: "1.6.0",
parameters: {397 items
- effect-81e74cea-30fd-40d5-802f-d72103c2aaaa: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-f655e522-adff-494d-95c2-52d4f6d56a42: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-40e85574-ef33-47e8-a854-7a65c7500560: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-3b980d31-7904-4bb7-8575-5665739a8052: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- operationName-3b980d31-7904-4bb7-8575-5665739a8052: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Operation Name",
    - description: "Security Operation name for which activity log alert should exist"
    },
  - allowedValues: [3 items
    - "Microsoft.Security/policies/write",
    - "Microsoft.Security/securitySolutions/write",
    - "Microsoft.Security/securitySolutions/delete"
    ],
  - defaultValue: "Microsoft.Security/policies/write"
  },
- effect-c251913d-7d24-4958-af87-478ed3b9ba41: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-47031206-ce96-41f8-861b-6a915f3de284: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-6b2122c1-8120-4ff5-801b-17625a355590: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a1817ec0-a368-432a-8057-8371e17ac6ee: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0a15ec92-a229-4763-bb14-0ea34a568f8d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a2a5b911-5617-447e-a49e-59dbe0e0434b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-a2a5b911-5617-447e-a49e-59dbe0e0434b: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-7804b5c7-01dc-4723-969b-ae300cc07ff1: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-a1181c5f-672a-477a-979a-7d58aa086233: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-3e596b57-105f-48a6-be97-03e9243bad6e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-3dc5edcd-002d-444c-b216-e123bbfa37c0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-8af8f826-edcb-4178-b35f-851ea6fea615: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Disabled",
    - "Deny"
    ],
  - defaultValue: "Audit"
  },
- effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- source-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Source",
    - description: "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
    },
  - allowedValues: [3 items
    - "All",
    - "Generated",
    - "Original"
    ],
  - defaultValue: "Original"
  },
- warn-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Warn",
    - description: "Whether or not to return warnings back to the user in the kubectl cli"
    },
  - defaultValue: false
  },
- effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace exclusions",
    - description: "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces "kube-system", "gatekeeper-system" and "azure-arc" are always excluded by design. "azure-extensions-usage-system" is optional to remove."
    },
  - defaultValue: [4 items
    - "kube-system",
    - "gatekeeper-system",
    - "azure-arc",
    - "azure-extensions-usage-system"
    ]
  },
- namespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace inclusions",
    - description: "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
    },
  - defaultValue: []
  },
- labelSelector-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Kubernetes label selector",
    - description: "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
    },
  - defaultValue: {}
  },
- allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Allowed capabilities",
    - description: "The list of capabilities that are allowed to be added to a container. Provide empty list as input to block everything.",
    - portalReview: true
    },
  - defaultValue: []
  },
- requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Required drop capabilities",
    - description: "The list of capabilities that must be dropped by a container.",
    - portalReview: true
    },
  - defaultValue: []
  },
- excludedContainers-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Containers exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
    },
  - defaultValue: []
  },
- excludedImages-c26596ff-4d70-4e6a-9a30-c2506bd2f80c: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Image exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
    - portalReview: true
    },
  - defaultValue: []
  },
- effect-7ff426e2-515f-405a-91c8-4f2333442eb5: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-98728c90-32c7-4049-8429-847dc0f4fe37: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-33936777-f2ac-45aa-82ec-07958ec9ade4: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits-33936777-f2ac-45aa-82ec-07958ec9ade4: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit: Shut down system immediately if unable to log security audits",
    - description: "Audits if the system will shut down when unable to log Security events."
    },
  - defaultValue: "0"
  },
- effect-33936777-f2ac-45aa-82ec-07958ec9ade4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-83a214f7-d01a-484b-91a9-ed54470c9a6a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-3ac7c827-eea2-4bde-acc7-9568cd320efa: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-18adea5e-f416-4d0f-8aa8-d24321e3e274: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-0fdf0491-d080-4575-b627-ad0e843cba0f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-afe0c3be-ba3b-4544-ba52-0c99672a8ad6: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days if exporting to an Azure Storage account"
    },
  - defaultValue: "365"
  },
- IncludeArcMachines-1221c620-d201-468c-81e7-2817e6107e84: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network Security: Configure encryption types allowed for Kerberos",
    - description: "Specifies the encryption types that Kerberos is allowed to use."
    },
  - defaultValue: "2147483644"
  },
- NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network security: LAN Manager authentication level",
    - description: "Specify which challenge-response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers."
    },
  - defaultValue: "5"
  },
- NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network security: LDAP client signing requirements",
    - description: "Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests."
    },
  - defaultValue: "1"
  },
- NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients",
    - description: "Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information."
    },
  - defaultValue: "537395200"
  },
- NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers",
    - description: "Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services."
    },
  - defaultValue: "537395200"
  },
- effect-1221c620-d201-468c-81e7-2817e6107e84: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-404c3081-a854-4457-ae30-26a93ef643f9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0049a6b3-a662-4f3e-8635-39cf44ace45a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-87845465-c458-45f3-af66-dcd62176f397: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-87845465-c458-45f3-af66-dcd62176f397: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-efbde977-ba53-4479-b8e9-10b957924fbf: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-e6955644-301c-44b5-a4c4-528577de6861: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-e6955644-301c-44b5-a4c4-528577de6861: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-1b8ca024-1d5c-4dec-8995-b1a932b41780: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-1afada58-8b34-7ac2-a38a-983218635201: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Manual",
    - "Disabled"
    ],
  - defaultValue: "Manual"
  },
- effect-f4b53539-8df9-40e4-86c6-6b607703bd4e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Recovery console: Allow floppy copy and access to all drives and all folders",
    - description: "Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables."
    },
  - defaultValue: "0"
  },
- effect-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- source-df49d893-a74c-421d-bc95-c663042e5b80: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Source",
    - description: "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
    },
  - allowedValues: [3 items
    - "All",
    - "Generated",
    - "Original"
    ],
  - defaultValue: "Original"
  },
- warn-df49d893-a74c-421d-bc95-c663042e5b80: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Warn",
    - description: "Whether or not to return warnings back to the user in the kubectl cli"
    },
  - defaultValue: false
  },
- effect-df49d893-a74c-421d-bc95-c663042e5b80: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace exclusions",
    - description: "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces "kube-system", "gatekeeper-system" and "azure-arc" are always excluded by design. "azure-extensions-usage-system" is optional to remove."
    },
  - defaultValue: [4 items
    - "kube-system",
    - "gatekeeper-system",
    - "azure-arc",
    - "azure-extensions-usage-system"
    ]
  },
- namespaces-df49d893-a74c-421d-bc95-c663042e5b80: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace inclusions",
    - description: "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
    },
  - defaultValue: []
  },
- labelSelector-df49d893-a74c-421d-bc95-c663042e5b80: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Kubernetes label selector",
    - description: "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
    },
  - defaultValue: {}
  },
- excludedContainers-df49d893-a74c-421d-bc95-c663042e5b80: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Containers exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
    },
  - defaultValue: []
  },
- excludedImages-df49d893-a74c-421d-bc95-c663042e5b80: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Image exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
    - portalReview: true
    },
  - defaultValue: []
  },
- effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Disabled",
    - "Deny"
    ],
  - defaultValue: "Audit"
  },
- allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb: {4 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Allowed key types",
    - description: "The list of allowed key types"
    },
  - allowedValues: [4 items
    - "RSA",
    - "RSA-HSM",
    - "EC",
    - "EC-HSM"
    ],
  - defaultValue: [4 items
    - "RSA",
    - "RSA-HSM",
    - "EC",
    - "EC-HSM"
    ]
  },
- effect-75c4f823-d65c-4f29-a733-01d0077fdbcb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f: {3 items
  - type: "String",
  - metadata: {4 items
    - displayName: "[Deprecated]: Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true",
    - deprecated: true
    },
  - defaultValue: ""
  },
- MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Members to exclude",
    - description: "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- source-423dd1ba-798e-40e4-9c4d-b6902674b423: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Source",
    - description: "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
    },
  - allowedValues: [3 items
    - "All",
    - "Generated",
    - "Original"
    ],
  - defaultValue: "Original"
  },
- warn-423dd1ba-798e-40e4-9c4d-b6902674b423: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Warn",
    - description: "Whether or not to return warnings back to the user in the kubectl cli"
    },
  - defaultValue: false
  },
- effect-423dd1ba-798e-40e4-9c4d-b6902674b423: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- excludedImages-423dd1ba-798e-40e4-9c4d-b6902674b423: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Image exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
    - portalReview: true
    },
  - defaultValue: []
  },
- excludedNamespaces-423dd1ba-798e-40e4-9c4d-b6902674b423: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace exclusions",
    - description: "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces "kube-system", "gatekeeper-system" and "azure-arc" are always excluded by design. "azure-extensions-usage-system" is optional to remove."
    },
  - defaultValue: [4 items
    - "kube-system",
    - "gatekeeper-system",
    - "azure-arc",
    - "azure-extensions-usage-system"
    ]
  },
- namespaces-423dd1ba-798e-40e4-9c4d-b6902674b423: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace inclusions",
    - description: "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
    },
  - defaultValue: []
  },
- labelSelector-423dd1ba-798e-40e4-9c4d-b6902674b423: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Kubernetes label selector",
    - description: "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
    },
  - defaultValue: {}
  },
- effect-428256e6-1fac-4f48-a757-df34c2b3336d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-797b37f7-06b8-444c-b1ad-fc62867f335a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-6e2593d9-add6-4083-9c9b-4b7d2188c899: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-94d9aca8-3757-46df-aa51-f218c5f11954: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-94d9aca8-3757-46df-aa51-f218c5f11954: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-9daedab3-fb2d-461e-b861-71790eead4f6: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Members",
    - description: "A semicolon-separated list of all the expected members of the Administrators local group. Ex: Administrator; myUser1; myUser2"
    },
  - allowedValues: [],
  - defaultValue: "Administrator"
  },
- IncludeArcMachines-bf16e0bb-31e1-4646-8202-60a235cc7e74: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-bf16e0bb-31e1-4646-8202-60a235cc7e74: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-91a78b24-f231-4a8a-8da9-02c35b2b6510: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-91a78b24-f231-4a8a-8da9-02c35b2b6510: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- allowedEncryptionSets-d461a302-a187-421a-89ac-84acdb4edc04: {3 items
  - type: "Array",
  - metadata: {4 items
    - displayName: "[Deprecated]: Allowed disk encryption set",
    - description: "The list of allowed disk encryption sets for managed disks.",
    - strongType: "Microsoft.Compute/diskEncryptionSets",
    - deprecated: true
    },
  - defaultValue: []
  },
- effect-d461a302-a187-421a-89ac-84acdb4edc04: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-ca91455f-eace-4f96-be59-e6e2c35b4816: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-f4826e5f-6a27-407c-ae3e-9582eb39891d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-7803067c-7d34-46e3-8c79-0ca68fc4036d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-34c877ad-507e-4c82-993e-3452a6e0ad3c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-ab6a902f-9493-453b-928d-62c30b11b5a6: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-3d9f5e4c-9947-4579-9539-2a7695fbc187: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-009a0c92-f5b4-4776-9b66-4ed2b4775563: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-fb893a29-21bb-418c-a157-e99480ec364c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-2b9ad585-36bc-4615-b300-fd4435808332: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-67e010c1-640d-438e-a3a5-feaccb533a98: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- EnableInsecureGuestLogons-67e010c1-640d-438e-a3a5-feaccb533a98: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Enable insecure guest logons",
    - description: "Specifies whether the SMB client will allow insecure guest logons to an SMB server."
    },
  - defaultValue: "0"
  },
- AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain-67e010c1-640d-438e-a3a5-feaccb533a98: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Allow simultaneous connections to the Internet or a Windows Domain",
    - description: "Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. A value of 0 allows simultaneous connections, and a value of 1 blocks them."
    },
  - defaultValue: "1"
  },
- TurnOffMulticastNameResolution-67e010c1-640d-438e-a3a5-feaccb533a98: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Turn off multicast name resolution",
    - description: "Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled."
    },
  - defaultValue: "1"
  },
- effect-67e010c1-640d-438e-a3a5-feaccb533a98: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Disabled",
    - "Deny"
    ],
  - defaultValue: "Audit"
  },
- evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4: {4 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Azure Spring Cloud SKU Names",
    - description: "List of Azure Spring Cloud SKUs against which this policy will be evaluated."
    },
  - allowedValues: [2 items
    - "Standard",
    - "Enterprise"
    ],
  - defaultValue: [2 items
    - "Standard",
    - "Enterprise"
    ]
  },
- effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-b8564268-eb4a-4337-89be-a19db070c59d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Manual",
    - "Disabled"
    ],
  - defaultValue: "Manual"
  },
- effect-55615ac9-af46-4a59-874e-391cc3dfb490: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- restrictIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Would you like to restrict specific IP addresses?",
    - description: "Select (Yes) to allow or forbid a list of IP addresses. If (No), the list of IP addresses won't have any effect in the policy enforcement"
    },
  - allowedValues: [2 items
    - "Yes",
    - "No"
    ],
  - defaultValue: "No"
  },
- allowedIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Allowed IP addresses",
    - description: "Array with allowed public IP addresses. An empty array is evaluated as to allow all IPs."
    },
  - defaultValue: []
  },
- forbiddenIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Forbidden IP addresses",
    - description: "Array with forbidden public IP addresses. An empty array is evaluated as there are no forbidden IP addresses."
    },
  - defaultValue: []
  },
- effect-c4857be7-912a-4c75-87e6-e30292bcdf78: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- listOfImageIdToInclude_windows-11ac78e3-31bc-4f0c-8434-37ab963cea07: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Optional: List of virtual machine images that have supported Windows OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
    },
  - defaultValue: []
  },
- listOfImageIdToInclude_linux-11ac78e3-31bc-4f0c-8434-37ab963cea07: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Optional: List of virtual machine images that have supported Linux OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
    },
  - defaultValue: []
  },
- effect-11ac78e3-31bc-4f0c-8434-37ab963cea07: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-4ceb8dc2-559c-478b-a15b-733fbf1e3738: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- MaximumPasswordAge-4ceb8dc2-559c-478b-a15b-733fbf1e3738: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Maximum password age",
    - description: "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it.",
    - portalReview: "true"
    },
  - defaultValue: "70"
  },
- effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Log Analytics Workspace Id that virtual machines should be configured for",
    - description: "This is the Id (GUID) of the Log Analytics Workspace that the virtual machines should be configured for.",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a1840de2-8088-4ea8-b153-b4c723e9cb01: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-fa498b91-8a7e-4710-9578-da944c68d1fe: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-a70ca396-0a34-413a-88e1-b956c1e683be: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- effect-7796937f-307b-4598-941c-67d3a05ebfe7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255: {4 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Allowed elliptic curve names",
    - description: "The list of allowed curve names for elliptic curve cryptography certificates."
    },
  - allowedValues: [4 items
    - "P-256",
    - "P-256K",
    - "P-384",
    - "P-521"
    ],
  - defaultValue: [4 items
    - "P-256",
    - "P-256K",
    - "P-384",
    - "P-521"
    ]
  },
- effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-d6759c02-b87f-42b7-892e-71b3f471d782: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-e068b215-0026-4354-b347-8fb2766f73a2: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may access this computer from the network",
    - description: "Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."
    },
  - defaultValue: "Administrators, Authenticated Users"
  },
- UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may log on locally",
    - description: "Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right."
    },
  - defaultValue: "Administrators"
  },
- UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may log on through Remote Desktop Services",
    - description: "Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance."
    },
  - defaultValue: "Administrators, Remote Desktop Users"
  },
- UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied access to this computer from the network",
    - description: "Specifies which users or groups are explicitly prohibited from connecting to the computer across the network."
    },
  - defaultValue: "Guests"
  },
- UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may manage auditing and security log",
    - description: "Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log."
    },
  - defaultValue: "Administrators"
  },
- UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may back up files and directories",
    - description: "Specifies users and groups allowed to circumvent file and directory permissions to back up the system."
    },
  - defaultValue: "Administrators, Backup Operators"
  },
- UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may change the system time",
    - description: "Specifies which users and groups are permitted to change the time and date on the internal clock of the computer."
    },
  - defaultValue: "Administrators, LOCAL SERVICE"
  },
- UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may change the time zone",
    - description: "Specifies which users and groups are permitted to change the time zone of the computer."
    },
  - defaultValue: "Administrators, LOCAL SERVICE"
  },
- UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may create a token object",
    - description: "Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data."
    },
  - defaultValue: "No One"
  },
- UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied logging on as a batch job",
    - description: "Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. scheduled task)."
    },
  - defaultValue: "Guests"
  },
- UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied logging on as a service",
    - description: "Specifies which service accounts are explicitly not permitted to register a process as a service."
    },
  - defaultValue: "Guests"
  },
- UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied local logon",
    - description: "Specifies which users and groups are explicitly not permitted to log on to the computer."
    },
  - defaultValue: "Guests"
  },
- UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that are denied log on through Remote Desktop Services",
    - description: "Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client."
    },
  - defaultValue: "Guests"
  },
- UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "User and groups that may force shutdown from a remote system",
    - description: "Specifies which users and groups are permitted to shut down the computer from a remote location on the network."
    },
  - defaultValue: "Administrators"
  },
- UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that may restore files and directories",
    - description: "Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories."
    },
  - defaultValue: "Administrators, Backup Operators"
  },
- UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users and groups that may shut down the system",
    - description: "Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command."
    },
  - defaultValue: "Administrators"
  },
- UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Users or groups that may take ownership of files or other objects",
    - description: "Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user."
    },
  - defaultValue: "Administrators"
  },
- effect-e068b215-0026-4354-b347-8fb2766f73a2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-c0e996f8-39cf-4af9-9f45-83fbde810432: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - defaultValue: ""
  },
- approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432: {3 items
  - type: "Array",
  - metadata: {3 items
    - description: "The list of approved extension types that can be installed. Example: AzureDiskEncryption",
    - displayName: "[Deprecated]: Approved extensions",
    - deprecated: true
    },
  - defaultValue: []
  },
- effect-d416745a-506c-48b6-8ab1-83cb814bcaa3: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - defaultValue: ""
  },
- virtualNetworkId-d416745a-506c-48b6-8ab1-83cb814bcaa3: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Virtual network Id",
    - description: "Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-6581d072-105e-4418-827f-bd446d56421b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-c9d007d0-c057-4772-b18c-01e546713bcd: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-ae89ebca-1c92-4898-ac2c-9f63decb045c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-2a7a701e-dff3-4da9-9ec5-42cb98594c0b: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit Authentication Policy Change",
    - description: "Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups."
    },
  - allowedValues: [4 items
    - "No Auditing",
    - "Success",
    - "Failure",
    - "Success and Failure"
    ],
  - defaultValue: "Success"
  },
- AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit Authorization Policy Change",
    - description: "Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects."
    },
  - allowedValues: [4 items
    - "No Auditing",
    - "Success",
    - "Failure",
    - "Success and Failure"
    ],
  - defaultValue: "No Auditing"
  },
- effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-492a29ed-d143-4f03-b6a4-705ce081b463: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Admin Approval Mode for the Built-in Administrator account",
    - description: "Specifies the behavior of Admin Approval Mode for the built-in Administrator account."
    },
  - defaultValue: "1"
  },
- UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode",
    - description: "Specifies the behavior of the elevation prompt for administrators."
    },
  - defaultValue: "2"
  },
- UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Detect application installations and prompt for elevation",
    - description: "Specifies the behavior of application installation detection for the computer."
    },
  - defaultValue: "1"
  },
- UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "UAC: Run all administrators in Admin Approval Mode",
    - description: "Specifies the behavior of all User Account Control (UAC) policy settings for the computer."
    },
  - defaultValue: "1"
  },
- effect-492a29ed-d143-4f03-b6a4-705ce081b463: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-35d9882c-993d-44e6-87d2-db66ce21b636: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- WindowsFirewallDomainUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Use profile settings",
    - description: "Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Behavior for outbound connections",
    - description: "Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
    },
  - defaultValue: "0"
  },
- WindowsFirewallDomainApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Apply local connection security rules",
    - description: "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Apply local firewall rules",
    - description: "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Domain): Display notifications",
    - description: "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Use profile settings",
    - description: "Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Behavior for outbound connections",
    - description: "Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPrivateApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Apply local connection security rules",
    - description: "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Apply local firewall rules",
    - description: "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPrivateDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Private): Display notifications",
    - description: "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Use profile settings",
    - description: "Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Behavior for outbound connections",
    - description: "Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPublicApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Apply local connection security rules",
    - description: "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Apply local firewall rules",
    - description: "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallPublicDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall (Public): Display notifications",
    - description: "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile."
    },
  - defaultValue: "1"
  },
- WindowsFirewallDomainAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall: Domain: Allow unicast response",
    - description: "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPrivateAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall: Private: Allow unicast response",
    - description: "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile."
    },
  - defaultValue: "0"
  },
- WindowsFirewallPublicAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Windows Firewall: Public: Allow unicast response",
    - description: "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."
    },
  - defaultValue: "1"
  },
- effect-35d9882c-993d-44e6-87d2-db66ce21b636: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-ebb67efd-3c46-49b0-adfe-5599eb944998: {3 items
  - type: "String",
  - metadata: {4 items
    - displayName: "[Deprecated]: Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true",
    - deprecated: true
    },
  - defaultValue: ""
  },
- installedApplication-ebb67efd-3c46-49b0-adfe-5599eb944998: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Application names (supports wildcards)",
    - description: "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-c9299215-ae47-4f50-9c54-8a392f68a052: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-f1776c76-f58c-4245-a8d0-2b207198dc8b: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - defaultValue: ""
  },
- virtualNetworkGatewayId-f1776c76-f58c-4245-a8d0-2b207198dc8b: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Virtual network gateway Id",
    - description: "Resource Id of the virtual network gateway. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-7698e800-9299-47a6-b3b6-5a0fee576eed: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-c39ba22d-4428-4149-b981-70acb31fc383: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- source-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Source",
    - description: "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
    },
  - allowedValues: [3 items
    - "All",
    - "Generated",
    - "Original"
    ],
  - defaultValue: "Original"
  },
- warn-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Warn",
    - description: "Whether or not to return warnings back to the user in the kubectl cli"
    },
  - defaultValue: false
  },
- effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace exclusions",
    - description: "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces "kube-system", "gatekeeper-system" and "azure-arc" are always excluded by design. "azure-extensions-usage-system" is optional to remove."
    },
  - defaultValue: [4 items
    - "kube-system",
    - "gatekeeper-system",
    - "azure-arc",
    - "azure-extensions-usage-system"
    ]
  },
- namespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace inclusions",
    - description: "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
    },
  - defaultValue: []
  },
- labelSelector-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Kubernetes label selector",
    - description: "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
    },
  - defaultValue: {}
  },
- excludedImages-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Image exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
    - portalReview: true
    },
  - defaultValue: []
  },
- effect-e345b6c3-24bd-4c93-9bbb-7e5e49a17b78: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "[Deprecated]: Resource Types",
    - strongType: "resourceTypes",
    - deprecated: true
    },
  - defaultValue: []
  },
- logsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "[Deprecated]: Logs Enabled",
    - deprecated: true
    },
  - defaultValue: false
  },
- metricsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "[Deprecated]: Metrics Enabled",
    - deprecated: true
    },
  - defaultValue: false
  },
- effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Operation Name",
    - description: "Policy Operation name for which activity log alert should exist"
    },
  - allowedValues: [2 items
    - "Microsoft.Authorization/policyAssignments/write",
    - "Microsoft.Authorization/policyAssignments/delete"
    ],
  - defaultValue: "Microsoft.Authorization/policyAssignments/write"
  },
- effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Enforce password history",
    - description: "Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated."
    },
  - defaultValue: "24"
  },
- MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Maximum password age",
    - description: "Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range."
    },
  - defaultValue: "1,70"
  },
- MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Minimum password age",
    - description: "Specifies the minimum number of days that must elapse before a user account password can be changed."
    },
  - defaultValue: "1"
  },
- MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Minimum password length",
    - description: "Specifies the minimum number of characters that a user account password may contain."
    },
  - defaultValue: "14"
  },
- PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Password must meet complexity requirements",
    - description: "Specifies whether a user account password must be complex. If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."
    },
  - defaultValue: "1"
  },
- effect-f2143251-70de-4e81-87a8-36cee5a2f29d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-cf820ca0-f99e-4f3e-84fb-66e913812d21: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-146412e9-005c-472b-9e48-c87b72ac229e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-32e6bbec-16b6-44c2-be37-c5b672d103cf: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Disabled",
    - "Deny"
    ],
  - defaultValue: "Audit"
  },
- effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-34f95f76-5386-4de7-b824-0d8478470c9d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-8ac833bd-f505-48d5-887e-c993a1d3eea0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9: {4 items
  - type: "String",
  - metadata: {1 item
    - displayName: "Desired Auditing setting"
    },
  - allowedValues: [2 items
    - "enabled",
    - "disabled"
    ],
  - defaultValue: "enabled"
  },
- effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Deny",
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-7926a6d1-b268-4586-8197-e8ae90c877d7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9: {4 items
  - type: "Integer",
  - metadata: {2 items
    - displayName: "Minimum RSA key size",
    - description: "The minimum key size for RSA keys."
    },
  - allowedValues: [3 items
    - 2048,
    - 3072,
    - 4096
    ],
  - defaultValue: 2048
  },
- effect-82067dbb-e53b-4e06-b631-546d197452d9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-a8793640-60f7-487c-b5c3-1d37215905c4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-58383b73-94a9-4414-b382-4146eb02611b: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- AuditProcessTermination-58383b73-94a9-4414-b382-4146eb02611b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit Process Termination",
    - description: "Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes."
    },
  - allowedValues: [4 items
    - "No Auditing",
    - "Success",
    - "Failure",
    - "Success and Failure"
    ],
  - defaultValue: "No Auditing"
  },
- effect-58383b73-94a9-4414-b382-4146eb02611b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "[Deprecated]: Optional: List of virtual machine images that have supported Windows OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
    - deprecated: true
    },
  - defaultValue: []
  },
- listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "[Deprecated]: Optional: List of virtual machine images that have supported Linux OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
    - deprecated: true
    },
  - defaultValue: []
  },
- effect-32133ab0-ee4b-4b44-98d6-042180979d50: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- effect-0a370ff3-6cab-4e85-8995-295fd854c5b8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-caf2d518-f029-4f6b-833b-d7081702f253: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- effect-caf2d518-f029-4f6b-833b-d7081702f253: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-d63edb4a-c612-454d-b47d-191a724fcbf0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-9dfea752-dd46-4766-aed1-c355fa93fb91: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-934345e1-4dfb-4c70-90d7-41990dc9608b: {3 items
  - type: "String",
  - metadata: {4 items
    - displayName: "[Deprecated]: Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true",
    - deprecated: true
    },
  - defaultValue: ""
  },
- CertificateThumbprints-934345e1-4dfb-4c70-90d7-41990dc9608b: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Certificate thumbprints",
    - description: "A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\LocalMachine\Root). e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-9b597639-28e4-48eb-b506-56b05d366257: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-438c38d2-3772-465a-a9cc-7a6666a275ce: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a21f8c92-9e22-4f09-b759-50500d1d2dda: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-d2e7ea85-6b44-4317-a0be-1b951587f626: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- excludedNamespaces-d2e7ea85-6b44-4317-a0be-1b951587f626: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace exclusions",
    - description: "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces "kube-system", "gatekeeper-system" and "azure-arc" are always excluded by design. "azure-extensions-usage-system" is optional to remove."
    },
  - defaultValue: [4 items
    - "kube-system",
    - "gatekeeper-system",
    - "azure-arc",
    - "azure-extensions-usage-system"
    ]
  },
- namespaces-d2e7ea85-6b44-4317-a0be-1b951587f626: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace inclusions",
    - description: "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
    },
  - defaultValue: []
  },
- labelSelector-d2e7ea85-6b44-4317-a0be-1b951587f626: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Kubernetes label selector",
    - description: "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
    },
  - defaultValue: {}
  },
- excludedContainers-d2e7ea85-6b44-4317-a0be-1b951587f626: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Containers exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
    },
  - defaultValue: []
  },
- excludedImages-d2e7ea85-6b44-4317-a0be-1b951587f626: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Image exclusions",
    - description: "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
    - portalReview: true
    },
  - defaultValue: []
  },
- effect-13a6c84f-49a5-410a-b5df-5b880c3fe009: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-057ef27e-665e-4328-8ea3-04b3122bd9fb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- subnetId-77e8b146-0078-4fb2-b002-e112381199f0: {3 items
  - type: "String",
  - metadata: {4 items
    - displayName: "[Deprecated]: Subnet ID",
    - strongType: "Microsoft.Network/virtualNetworks/subnets",
    - description: "The resource ID of the virtual network subnet that should have a rule enabled. Example: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-d31e5c31-63b2-4f12-887b-e49456834fa1: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0e6763cc-5078-4e64-889d-ff4d9a839047: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-b52376f7-9612-48a1-81cd-1ffe4b61032c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-12430be1-6cc8-4527-a9a8-e3d38f250096: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Mode Requirement",
    - description: "Mode required for all WAF policies"
    },
  - allowedValues: [2 items
    - "Prevention",
    - "Detection"
    ],
  - defaultValue: "Detection"
  },
- effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-549814b6-3212-4203-bdc8-1548d342fb67: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44: {3 items
  - type: "Integer",
  - metadata: {2 items
    - displayName: "The maximum days to rotate",
    - description: "The maximum number of days after key creation until it must be rotated."
    },
  - defaultValue: 30
  },
- effect-d8cf8476-a2ec-4916-896e-992351803c44: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-b02aacc0-b073-424e-8298-42b22829ee0a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-245fc9df-fa96-4414-9a0b-3738c2f7341c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-245fc9df-fa96-4414-9a0b-3738c2f7341c: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention (in days)"
    },
  - defaultValue: "365"
  },
- effect-af99038c-02fd-4a2f-ac24-386b62bf32de: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-22730e10-96f6-4aac-ad84-9383d35b5917: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-044985bb-afe1-42cd-8a36-9d5d42424537: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-ea4d6841-2173-4317-9747-ff522a45120f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-abda6d70-9778-44e7-84a8-06713e6db027: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "[Deprecated]: Optional: List of virtual machine images that have supported Windows OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
    - deprecated: true
    },
  - defaultValue: []
  },
- listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138: {3 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "[Deprecated]: Optional: List of virtual machine images that have supported Linux OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
    - deprecated: true
    },
  - defaultValue: []
  },
- effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- effect-0564d078-92f5-4f97-8398-b9f58a51f70b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-0a1302fb-a631-4106-9753-f3d494733990: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-b954148f-4c11-4c38-8221-be76711e194a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- operationName-b954148f-4c11-4c38-8221-be76711e194a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Operation Name",
    - description: "Administrative Operation name for which activity log alert should be configured"
    },
  - allowedValues: [10 items
    - "Microsoft.Sql/servers/firewallRules/write",
    - "Microsoft.Sql/servers/firewallRules/delete",
    - "Microsoft.Network/networkSecurityGroups/write",
    - "Microsoft.Network/networkSecurityGroups/delete",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/write",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/delete",
    - "Microsoft.Network/networkSecurityGroups/securityRules/write",
    - "Microsoft.Network/networkSecurityGroups/securityRules/delete",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
    ],
  - defaultValue: "Microsoft.Sql/servers/firewallRules/write"
  },
- IncludeArcMachines-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network access: Remotely accessible registry paths",
    - description: "Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
    },
  - defaultValue: "System\CurrentControlSet\Control\ProductOptions|#|System\CurrentControlSet\Control\Server Applications|#|Software\Microsoft\Windows NT\CurrentVersion"
  },
- NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network access: Remotely accessible registry paths and sub-paths",
    - description: "Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
    },
  - defaultValue: "System\CurrentControlSet\Control\Print\Printers|#|System\CurrentControlSet\Services\Eventlog|#|Software\Microsoft\OLAP Server|#|Software\Microsoft\Windows NT\CurrentVersion\Print|#|Software\Microsoft\Windows NT\CurrentVersion\Windows|#|System\CurrentControlSet\Control\ContentIndex|#|System\CurrentControlSet\Control\Terminal Server|#|System\CurrentControlSet\Control\Terminal Server\UserConfig|#|System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration|#|Software\Microsoft\Windows NT\CurrentVersion\Perflib|#|System\CurrentControlSet\Services\SysmonLog"
  },
- NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Network access: Shares that can be accessed anonymously",
    - description: "Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server."
    },
  - defaultValue: "0"
  },
- effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0fea8f8a-4169-495d-8307-30ec335f387d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effects-f110a506-2dcb-422e-bcea-d533fc8c35e2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect",
    - description: "The effect determines what happens when the policy rule is evaluated to match."
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-bfecdea6-31c4-4045-ad42-71b9dc87247d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-19dd1db6-f442-49cf-a838-b0786b4401ef: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-d9844e8a-1437-4aeb-a32c-0c992f056095: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-ee984370-154a-4ee8-9726-19d900e56fc0: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- AccountsGuestAccountStatus-ee984370-154a-4ee8-9726-19d900e56fc0: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Accounts: Guest account status",
    - description: "Specifies whether the local Guest account is disabled."
    },
  - defaultValue: "0"
  },
- effect-ee984370-154a-4ee8-9726-19d900e56fc0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-1f90fc71-a595-4066-8974-d4d0802e8ef0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-f85bf3e0-d513-442e-89c3-1784ad63382b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-78215662-041e-49ed-a9dd-5385911b3a1f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- endpointType-df73bd95-24da-4a4f-96b9-4e8b94b402bd: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Public Endpoint Type",
    - description: "Public Endpoint Type for which to enforce the access check"
    },
  - allowedValues: [3 items
    - "Management",
    - "Git",
    - "Gateway Configuration"
    ],
  - defaultValue: "Management"
  },
- effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-d550e854-df1a-4de9-bf44-cd894b39a95e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-1dc2fc00-2245-4143-99f4-874c937f13ef: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-051cba44-2429-45b9-9649-46cec11c7119: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-672fe5a1-2fcd-42d7-b85d-902b6e28c6ff: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-e71308d3-144b-4262-b144-efdc3cc90517: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7: {3 items
  - type: "String",
  - metadata: {4 items
    - displayName: "[Deprecated]: Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true",
    - deprecated: true
    },
  - defaultValue: ""
  },
- MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7: {3 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Members to include",
    - description: "A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2",
    - deprecated: true
    },
  - defaultValue: ""
  },
- effect-5d4e3c65-4873-47be-94f3-6f8b953a3598: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-c3d20c29-b36d-48fe-808b-99a87530ad99: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-6c53d030-cc64-46f0-906d-2bc061cd1334: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-8405fdab-1faf-48aa-b702-999c9c172094: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-b5ec538c-daa0-4006-8596-35468b9148e8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- maximumValidityInMonths-0a075868-4c26-42ef-914c-5bc007359560: {3 items
  - type: "Integer",
  - metadata: {2 items
    - displayName: "The maximum validity in months",
    - description: "The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren't best practice."
    },
  - defaultValue: 12
  },
- effect-0a075868-4c26-42ef-914c-5bc007359560: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-56fd377d-098c-4f02-8406-81eb055902b8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- listOfImageIdToInclude_windows-e2dd799a-a932-4e9d-ac17-d473bc3c6c10: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Optional: List of virtual machine images that have supported Windows OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
    },
  - defaultValue: []
  },
- listOfImageIdToInclude_linux-e2dd799a-a932-4e9d-ac17-d473bc3c6c10: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Optional: List of virtual machine images that have supported Linux OS to add to scope",
    - description: "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
    },
  - defaultValue: []
  },
- effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-deeddb44-9f94-4903-9fa0-081d524406e3: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- source-9f061a12-e40d-4183-a00e-171812443373: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Source",
    - description: "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
    },
  - allowedValues: [3 items
    - "All",
    - "Generated",
    - "Original"
    ],
  - defaultValue: "Original"
  },
- warn-9f061a12-e40d-4183-a00e-171812443373: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Warn",
    - description: "Whether or not to return warnings back to the user in the kubectl cli"
    },
  - defaultValue: false
  },
- effect-9f061a12-e40d-4183-a00e-171812443373: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- excludedNamespaces-9f061a12-e40d-4183-a00e-171812443373: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace exclusions",
    - description: "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces "kube-system", "gatekeeper-system" and "azure-arc" are always excluded by design. "azure-extensions-usage-system" is optional to remove."
    },
  - defaultValue: [4 items
    - "kube-system",
    - "gatekeeper-system",
    - "azure-arc",
    - "azure-extensions-usage-system"
    ]
  },
- namespaces-9f061a12-e40d-4183-a00e-171812443373: {3 items
  - type: "Array",
  - metadata: {2 items
    - displayName: "Namespace inclusions",
    - description: "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
    },
  - defaultValue: [1 item
    - "default"
    ]
  },
- labelSelector-9f061a12-e40d-4183-a00e-171812443373: {3 items
  - type: "Object",
  - metadata: {2 items
    - displayName: "Kubernetes label selector",
    - description: "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
    },
  - defaultValue: {}
  }
},
policyDefinitions: [216 items
- {5 items
  - policyDefinitionReferenceId: "81e74cea-30fd-40d5-802f-d72103c2aaaa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-81e74cea-30fd-40d5-802f-d72103c2aaaa')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f655e522-adff-494d-95c2-52d4f6d56a42",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets ,
  - definitionVersion: 3.*.*-preview3.1.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f655e522-adff-494d-95c2-52d4f6d56a42')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "40e85574-ef33-47e8-a854-7a65c7500560",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-40e85574-ef33-47e8-a854-7a65c7500560')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3b980d31-7904-4bb7-8575-5665739a8052",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052')]"
      },
    - operationName: {1 item
      - value: "[parameters('operationName-3b980d31-7904-4bb7-8575-5665739a8052')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c251913d-7d24-4958-af87-478ed3b9ba41",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c251913d-7d24-4958-af87-478ed3b9ba41')]"
      }
    },
  - groupNames: [4 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "47031206-ce96-41f8-861b-6a915f3de284",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-47031206-ce96-41f8-861b-6a915f3de284')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6b2122c1-8120-4ff5-801b-17625a355590",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-6b2122c1-8120-4ff5-801b-17625a355590')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a1817ec0-a368-432a-8057-8371e17ac6ee",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-a1817ec0-a368-432a-8057-8371e17ac6ee')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2913021d-f2fd-4f3d-b958-22354e2bdbcb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a15ec92-a229-4763-bb14-0ea34a568f8d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0a15ec92-a229-4763-bb14-0ea34a568f8d')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0e60b895-3786-45da-8377-9c6b4b6ac5f9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a2a5b911-5617-447e-a49e-59dbe0e0434b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-a2a5b911-5617-447e-a49e-59dbe0e0434b')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-a2a5b911-5617-447e-a49e-59dbe0e0434b')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7804b5c7-01dc-4723-969b-ae300cc07ff1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7804b5c7-01dc-4723-969b-ae300cc07ff1')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "055aa869-bc98-4af8-bafc-23f1ab6ffe2c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a1181c5f-672a-477a-979a-7d58aa086233",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-a1181c5f-672a-477a-979a-7d58aa086233')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3e596b57-105f-48a6-be97-03e9243bad6e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3e596b57-105f-48a6-be97-03e9243bad6e')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3dc5edcd-002d-444c-b216-e123bbfa37c0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3dc5edcd-002d-444c-b216-e123bbfa37c0')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8af8f826-edcb-4178-b35f-851ea6fea615",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-8af8f826-edcb-4178-b35f-851ea6fea615')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "501541f7-f7e7-4cd6-868c-4190fdad3ac9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c26596ff-4d70-4e6a-9a30-c2506bd2f80c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities ,
  - definitionVersion: 6.*.*6.2.0,
  - parameters: {10 items
    - source: {1 item
      - value: "[parameters('source-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - warn: {1 item
      - value: "[parameters('warn-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - excludedNamespaces: {1 item
      - value: "[parameters('excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - namespaces: {1 item
      - value: "[parameters('namespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - labelSelector: {1 item
      - value: "[parameters('labelSelector-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - allowedCapabilities: {1 item
      - value: "[parameters('allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - requiredDropCapabilities: {1 item
      - value: "[parameters('requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - excludedContainers: {1 item
      - value: "[parameters('excludedContainers-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      },
    - excludedImages: {1 item
      - value: "[parameters('excludedImages-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
      }
    },
  - groupNames: [4 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7ff426e2-515f-405a-91c8-4f2333442eb5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7ff426e2-515f-405a-91c8-4f2333442eb5')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "98728c90-32c7-4049-8429-847dc0f4fe37",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-98728c90-32c7-4049-8429-847dc0f4fe37')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2')]"
      }
    },
  - groupNames: [6 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.3",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "33936777-f2ac-45aa-82ec-07958ec9ade4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
      },
    - AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits: {1 item
      - value: "[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "83a214f7-d01a-484b-91a9-ed54470c9a6a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3ac7c827-eea2-4bde-acc7-9568cd320efa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3ac7c827-eea2-4bde-acc7-9568cd320efa')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "18adea5e-f416-4d0f-8aa8-d24321e3e274",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 1.*.*1.0.4,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-18adea5e-f416-4d0f-8aa8-d24321e3e274')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0fdf0491-d080-4575-b627-ad0e843cba0f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0fdf0491-d080-4575-b627-ad0e843cba0f')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "afe0c3be-ba3b-4544-ba52-0c99672a8ad6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-afe0c3be-ba3b-4544-ba52-0c99672a8ad6')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1221c620-d201-468c-81e7-2817e6107e84",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {7 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-1221c620-d201-468c-81e7-2817e6107e84')]"
      },
    - NetworkSecurityConfigureEncryptionTypesAllowedForKerberos: {1 item
      - value: "[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84')]"
      },
    - NetworkSecurityLANManagerAuthenticationLevel: {1 item
      - value: "[parameters('NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84')]"
      },
    - NetworkSecurityLDAPClientSigningRequirements: {1 item
      - value: "[parameters('NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84')]"
      },
    - NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients: {1 item
      - value: "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84')]"
      },
    - NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers: {1 item
      - value: "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-1221c620-d201-468c-81e7-2817e6107e84')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "404c3081-a854-4457-ae30-26a93ef643f9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-404c3081-a854-4457-ae30-26a93ef643f9')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0049a6b3-a662-4f3e-8635-39cf44ace45a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0049a6b3-a662-4f3e-8635-39cf44ace45a')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "87845465-c458-45f3-af66-dcd62176f397",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-87845465-c458-45f3-af66-dcd62176f397')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-87845465-c458-45f3-af66-dcd62176f397')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "efbde977-ba53-4479-b8e9-10b957924fbf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-efbde977-ba53-4479-b8e9-10b957924fbf')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e6955644-301c-44b5-a4c4-528577de6861",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-e6955644-301c-44b5-a4c4-528577de6861')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-e6955644-301c-44b5-a4c4-528577de6861')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1b8ca024-1d5c-4dec-8995-b1a932b41780",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1b8ca024-1d5c-4dec-8995-b1a932b41780')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1afada58-8b34-7ac2-a38a-983218635201",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1afada58-8b34-7ac2-a38a-983218635201')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f4b53539-8df9-40e4-86c6-6b607703bd4e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f4b53539-8df9-40e4-86c6-6b607703bd4e')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f71be03e-e25b-4d0f-b8bc-9b3e309b66c0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0')]"
      },
    - RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders: {1 item
      - value: "[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "df49d893-a74c-421d-bc95-c663042e5b80",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system ,
  - definitionVersion: 6.*.*6.3.0,
  - parameters: {8 items
    - source: {1 item
      - value: "[parameters('source-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - warn: {1 item
      - value: "[parameters('warn-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - excludedNamespaces: {1 item
      - value: "[parameters('excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - namespaces: {1 item
      - value: "[parameters('namespaces-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - labelSelector: {1 item
      - value: "[parameters('labelSelector-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - excludedContainers: {1 item
      - value: "[parameters('excludedContainers-df49d893-a74c-421d-bc95-c663042e5b80')]"
      },
    - excludedImages: {1 item
      - value: "[parameters('excludedImages-df49d893-a74c-421d-bc95-c663042e5b80')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0aa61e00-0a01-4a3c-9945-e93cffedf0e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "75c4f823-d65c-4f29-a733-01d0077fdbcb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {2 items
    - allowedKeyTypes: {1 item
      - value: "[parameters('allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-75c4f823-d65c-4f29-a733-01d0077fdbcb')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c43e4a30-77cb-48ab-a4dd-93f175c63b57",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1a4e592a-6a6e-44a5-9814-e36264ca96e7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "423dd1ba-798e-40e4-9c4d-b6902674b423",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials ,
  - definitionVersion: 4.*.*4.2.0,
  - parameters: {7 items
    - source: {1 item
      - value: "[parameters('source-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      },
    - warn: {1 item
      - value: "[parameters('warn-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      },
    - excludedImages: {1 item
      - value: "[parameters('excludedImages-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      },
    - excludedNamespaces: {1 item
      - value: "[parameters('excludedNamespaces-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      },
    - namespaces: {1 item
      - value: "[parameters('namespaces-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      },
    - labelSelector: {1 item
      - value: "[parameters('labelSelector-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "428256e6-1fac-4f48-a757-df34c2b3336d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-428256e6-1fac-4f48-a757-df34c2b3336d')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-428256e6-1fac-4f48-a757-df34c2b3336d')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2158ddbe-fefa-408e-b43f-d4faef8ff3b8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation ,
  - definitionVersion: 1.*.*1.2.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "797b37f7-06b8-444c-b1ad-fc62867f335a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-797b37f7-06b8-444c-b1ad-fc62867f335a')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {4 items
  - policyDefinitionReferenceId: "0a914e76-4921-4c19-b460-a2d36003525a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location ,
  - definitionVersion: 2.*.*2.0.0,
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "22bee202-a82f-4305-9a2a-6d7f44d4dedb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6e2593d9-add6-4083-9c9b-4b7d2188c899",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled ,
  - definitionVersion: 1.*.*1.2.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-6e2593d9-add6-4083-9c9b-4b7d2188c899')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.3",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "94d9aca8-3757-46df-aa51-f218c5f11954",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-94d9aca8-3757-46df-aa51-f218c5f11954')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-94d9aca8-3757-46df-aa51-f218c5f11954')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9daedab3-fb2d-461e-b861-71790eead4f6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-9daedab3-fb2d-461e-b861-71790eead4f6')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "56a5ee18-2ae6-4810-86f7-18e39ce5629b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2')]"
      },
    - Members: {1 item
      - value: "[parameters('Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bf16e0bb-31e1-4646-8202-60a235cc7e74",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-bf16e0bb-31e1-4646-8202-60a235cc7e74')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-bf16e0bb-31e1-4646-8202-60a235cc7e74')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8dfab9c4-fe7b-49ad-85e4-1e9be085358f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed ,
  - definitionVersion: 6.*.*-preview6.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "46aa9b05-0e60-4eae-a88b-1e9d374fa515",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services accounts should use customer owned storage ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "91a78b24-f231-4a8a-8da9-02c35b2b6510",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-91a78b24-f231-4a8a-8da9-02c35b2b6510')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-91a78b24-f231-4a8a-8da9-02c35b2b6510')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3bc8a0d5-38e0-4a3d-a657-2cb64468fc34",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ca91455f-eace-4f96-be59-e6e2c35b4816",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ca91455f-eace-4f96-be59-e6e2c35b4816')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f4826e5f-6a27-407c-ae3e-9582eb39891d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d Authorization rules on the Event Hub instance should be defined ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f4826e5f-6a27-407c-ae3e-9582eb39891d')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7803067c-7d34-46e3-8c79-0ca68fc4036d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7803067c-7d34-46e3-8c79-0ca68fc4036d')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "34c877ad-507e-4c82-993e-3452a6e0ad3c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-34c877ad-507e-4c82-993e-3452a6e0ad3c')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ab6a902f-9493-453b-928d-62c30b11b5a6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ab6a902f-9493-453b-928d-62c30b11b5a6')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "37e0d2fe-28a5-43d6-a273-67d37d1f5606",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3d9f5e4c-9947-4579-9539-2a7695fbc187",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3d9f5e4c-9947-4579-9539-2a7695fbc187')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "009a0c92-f5b4-4776-9b66-4ed2b4775563",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-009a0c92-f5b4-4776-9b66-4ed2b4775563')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fb893a29-21bb-418c-a157-e99480ec364c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-fb893a29-21bb-418c-a157-e99480ec364c')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2b9ad585-36bc-4615-b300-fd4435808332",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-2b9ad585-36bc-4615-b300-fd4435808332')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "67e010c1-640d-438e-a3a5-feaccb533a98",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {5 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-67e010c1-640d-438e-a3a5-feaccb533a98')]"
      },
    - EnableInsecureGuestLogons: {1 item
      - value: "[parameters('EnableInsecureGuestLogons-67e010c1-640d-438e-a3a5-feaccb533a98')]"
      },
    - AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain: {1 item
      - value: "[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain-67e010c1-640d-438e-a3a5-feaccb533a98')]"
      },
    - TurnOffMulticastNameResolution: {1 item
      - value: "[parameters('TurnOffMulticastNameResolution-67e010c1-640d-438e-a3a5-feaccb533a98')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-67e010c1-640d-438e-a3a5-feaccb533a98')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "af35e2a4-ef96-44e7-a9ae-853dd97032c4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection ,
  - definitionVersion: 1.*.*1.2.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4')]"
      },
    - evaluatedSkuNames: {1 item
      - value: "[parameters('evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2393d2cf-a342-44cd-a2e2-fe0188fd1234",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b8564268-eb4a-4337-89be-a19db070c59d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b8564268-eb4a-4337-89be-a19db070c59d')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.8",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed ,
  - definitionVersion: 3.*.*-preview3.1.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Assess risk in third party relationships ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "55615ac9-af46-4a59-874e-391cc3dfb490",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled ,
  - definitionVersion: 3.*.*3.3.0,
  - parameters: {4 items
    - effect: {1 item
      - value: "[parameters('effect-55615ac9-af46-4a59-874e-391cc3dfb490')]"
      },
    - restrictIPAddresses: {1 item
      - value: "[parameters('restrictIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490')]"
      },
    - allowedIPAddresses: {1 item
      - value: "[parameters('allowedIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490')]"
      },
    - forbiddenIPAddresses: {1 item
      - value: "[parameters('forbiddenIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c4857be7-912a-4c75-87e6-e30292bcdf78",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c4857be7-912a-4c75-87e6-e30292bcdf78')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "11ac78e3-31bc-4f0c-8434-37ab963cea07",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {3 items
    - listOfImageIdToInclude_windows: {1 item
      - value: "[parameters('listOfImageIdToInclude_windows-11ac78e3-31bc-4f0c-8434-37ab963cea07')]"
      },
    - listOfImageIdToInclude_linux: {1 item
      - value: "[parameters('listOfImageIdToInclude_linux-11ac78e3-31bc-4f0c-8434-37ab963cea07')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-11ac78e3-31bc-4f0c-8434-37ab963cea07')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4ceb8dc2-559c-478b-a15b-733fbf1e3738",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-4ceb8dc2-559c-478b-a15b-733fbf1e3738')]"
      },
    - MaximumPasswordAge: {1 item
      - value: "[parameters('MaximumPasswordAge-4ceb8dc2-559c-478b-a15b-733fbf1e3738')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a1840de2-8088-4ea8-b153-b4c723e9cb01",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-a1840de2-8088-4ea8-b153-b4c723e9cb01')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fa498b91-8a7e-4710-9578-da944c68d1fe",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-fa498b91-8a7e-4710-9578-da944c68d1fe')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7796937f-307b-4598-941c-67d3a05ebfe7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7796937f-307b-4598-941c-67d3a05ebfe7')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ff25f3c8-b739-4538-9d07-3d6d25cfb255",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {2 items
    - allowedECNames: {1 item
      - value: "[parameters('allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4c3c6c5f-0d47-4402-99b8-aa543dd8bcee",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d6759c02-b87f-42b7-892e-71b3f471d782",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d6759c02-b87f-42b7-892e-71b3f471d782')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e068b215-0026-4354-b347-8fb2766f73a2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {19 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayAccessThisComputerFromTheNetwork: {1 item
      - value: "[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayLogOnLocally: {1 item
      - value: "[parameters('UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices: {1 item
      - value: "[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork: {1 item
      - value: "[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayManageAuditingAndSecurityLog: {1 item
      - value: "[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayBackUpFilesAndDirectories: {1 item
      - value: "[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayChangeTheSystemTime: {1 item
      - value: "[parameters('UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayChangeTheTimeZone: {1 item
      - value: "[parameters('UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayCreateATokenObject: {1 item
      - value: "[parameters('UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob: {1 item
      - value: "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatAreDeniedLoggingOnAsAService: {1 item
      - value: "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatAreDeniedLocalLogon: {1 item
      - value: "[parameters('UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices: {1 item
      - value: "[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UserAndGroupsThatMayForceShutdownFromARemoteSystem: {1 item
      - value: "[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatMayRestoreFilesAndDirectories: {1 item
      - value: "[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersAndGroupsThatMayShutDownTheSystem: {1 item
      - value: "[parameters('UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects: {1 item
      - value: "[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-e068b215-0026-4354-b347-8fb2766f73a2')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d26f7642-7545-4e18-9b75-8c9bbdee3a9a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "97566dd7-78ae-4997-8b36-1c7bfe0d8121",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines ,
  - definitionVersion: 4.*.*-preview4.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6581d072-105e-4418-827f-bd446d56421b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-6581d072-105e-4418-827f-bd446d56421b')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c9d007d0-c057-4772-b18c-01e546713bcd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c9d007d0-c057-4772-b18c-01e546713bcd')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ae89ebca-1c92-4898-ac2c-9f63decb045c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ae89ebca-1c92-4898-ac2c-9f63decb045c')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "2a7a701e-dff3-4da9-9ec5-42cb98594c0b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {4 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
      },
    - AuditAuthenticationPolicyChange: {1 item
      - value: "[parameters('AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
      },
    - AuditAuthorizationPolicyChange: {1 item
      - value: "[parameters('AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "492a29ed-d143-4f03-b6a4-705ce081b463",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {6 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-492a29ed-d143-4f03-b6a4-705ce081b463')]"
      },
    - UACAdminApprovalModeForTheBuiltinAdministratorAccount: {1 item
      - value: "[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463')]"
      },
    - UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode: {1 item
      - value: "[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463')]"
      },
    - UACDetectApplicationInstallationsAndPromptForElevation: {1 item
      - value: "[parameters('UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463')]"
      },
    - UACRunAllAdministratorsInAdminApprovalMode: {1 item
      - value: "[parameters('UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-492a29ed-d143-4f03-b6a4-705ce081b463')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "35d9882c-993d-44e6-87d2-db66ce21b636",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {20 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallDomainUseProfileSettings: {1 item
      - value: "[parameters('WindowsFirewallDomainUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallDomainBehaviorForOutboundConnections: {1 item
      - value: "[parameters('WindowsFirewallDomainBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallDomainApplyLocalConnectionSecurityRules: {1 item
      - value: "[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallDomainApplyLocalFirewallRules: {1 item
      - value: "[parameters('WindowsFirewallDomainApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallDomainDisplayNotifications: {1 item
      - value: "[parameters('WindowsFirewallDomainDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPrivateUseProfileSettings: {1 item
      - value: "[parameters('WindowsFirewallPrivateUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPrivateBehaviorForOutboundConnections: {1 item
      - value: "[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPrivateApplyLocalConnectionSecurityRules: {1 item
      - value: "[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPrivateApplyLocalFirewallRules: {1 item
      - value: "[parameters('WindowsFirewallPrivateApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPrivateDisplayNotifications: {1 item
      - value: "[parameters('WindowsFirewallPrivateDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPublicUseProfileSettings: {1 item
      - value: "[parameters('WindowsFirewallPublicUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPublicBehaviorForOutboundConnections: {1 item
      - value: "[parameters('WindowsFirewallPublicBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPublicApplyLocalConnectionSecurityRules: {1 item
      - value: "[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPublicApplyLocalFirewallRules: {1 item
      - value: "[parameters('WindowsFirewallPublicApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPublicDisplayNotifications: {1 item
      - value: "[parameters('WindowsFirewallPublicDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallDomainAllowUnicastResponse: {1 item
      - value: "[parameters('WindowsFirewallDomainAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPrivateAllowUnicastResponse: {1 item
      - value: "[parameters('WindowsFirewallPrivateAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - WindowsFirewallPublicAllowUnicastResponse: {1 item
      - value: "[parameters('WindowsFirewallPublicAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-35d9882c-993d-44e6-87d2-db66ce21b636')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c9299215-ae47-4f50-9c54-8a392f68a052",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers ,
  - definitionVersion: 2.*.*2.3.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c9299215-ae47-4f50-9c54-8a392f68a052')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "11e3da8c-1d68-4392-badd-0ff3c43ab5b0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7698e800-9299-47a6-b3b6-5a0fee576eed",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7698e800-9299-47a6-b3b6-5a0fee576eed')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "adbe85b5-83e6-4350-ab58-bf3a4f736e5e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0820b7b9-23aa-4725-a1ce-ae4558f718e5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c39ba22d-4428-4149-b981-70acb31fc383",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c39ba22d-4428-4149-b981-70acb31fc383')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace ,
  - definitionVersion: 5.*.*5.2.0,
  - parameters: {7 items
    - source: {1 item
      - value: "[parameters('source-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      },
    - warn: {1 item
      - value: "[parameters('warn-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      },
    - excludedNamespaces: {1 item
      - value: "[parameters('excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      },
    - namespaces: {1 item
      - value: "[parameters('namespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      },
    - labelSelector: {1 item
      - value: "[parameters('labelSelector-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      },
    - excludedImages: {1 item
      - value: "[parameters('excludedImages-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e345b6c3-24bd-4c93-9bbb-7e5e49a17b78",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-e345b6c3-24bd-4c93-9bbb-7e5e49a17b78')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c5447c04-a4d7-4ba8-a263-c9ee321a6858",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
      },
    - operationName: {1 item
      - value: "[parameters('operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1c30f9cd-b84c-49cc-aa2c-9288447cc3b3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines ,
  - definitionVersion: 2.*.*-preview2.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1cb4d9c2-f88f-4069-bee0-dba239a57b09",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines ,
  - definitionVersion: 4.*.*-preview4.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f2143251-70de-4e81-87a8-36cee5a2f29d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {7 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      },
    - EnforcePasswordHistory: {1 item
      - value: "[parameters('EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      },
    - MaximumPasswordAge: {1 item
      - value: "[parameters('MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      },
    - MinimumPasswordAge: {1 item
      - value: "[parameters('MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      },
    - MinimumPasswordLength: {1 item
      - value: "[parameters('MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      },
    - PasswordMustMeetComplexityRequirements: {1 item
      - value: "[parameters('PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cf820ca0-f99e-4f3e-84fb-66e913812d21",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "146412e9-005c-472b-9e48-c87b72ac229e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-146412e9-005c-472b-9e48-c87b72ac229e')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "72650e9f-97bc-4b2a-ab5f-9781a9fcecbc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "32e6bbec-16b6-44c2-be37-c5b672d103cf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-32e6bbec-16b6-44c2-be37-c5b672d103cf')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bd876905-5b84-4f73-ab2d-2e7a7c4568d9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates ,
  - definitionVersion: 3.*.*3.8.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "34f95f76-5386-4de7-b824-0d8478470c9d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled ,
  - definitionVersion: 5.*.*5.1.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-34f95f76-5386-4de7-b824-0d8478470c9d')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8ac833bd-f505-48d5-887e-c993a1d3eea0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-8ac833bd-f505-48d5-887e-c993a1d3eea0')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
      },
    - setting: {1 item
      - value: "[parameters('setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ac01ad65-10e5-46df-bdd9-6b0cad13e1d2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e15effd4-2278-4c65-a0da-4d6f6d1890e2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e15effd4-2278-4c65-a0da-4d6f6d1890e2 Log Analytics Workspaces should block non-Azure Active Directory based ingestion. ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7926a6d1-b268-4586-8197-e8ae90c877d7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7926a6d1-b268-4586-8197-e8ae90c877d7')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "82067dbb-e53b-4e06-b631-546d197452d9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {2 items
    - minimumRSAKeySize: {1 item
      - value: "[parameters('minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-82067dbb-e53b-4e06-b631-546d197452d9')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a8793640-60f7-487c-b5c3-1d37215905c4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-a8793640-60f7-487c-b5c3-1d37215905c4')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "58383b73-94a9-4414-b382-4146eb02611b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-58383b73-94a9-4414-b382-4146eb02611b')]"
      },
    - AuditProcessTermination: {1 item
      - value: "[parameters('AuditProcessTermination-58383b73-94a9-4414-b382-4146eb02611b')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-58383b73-94a9-4414-b382-4146eb02611b')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a370ff3-6cab-4e85-8995-295fd854c5b8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0a370ff3-6cab-4e85-8995-295fd854c5b8')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "caf2d518-f029-4f6b-833b-d7081702f253",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-caf2d518-f029-4f6b-833b-d7081702f253')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-caf2d518-f029-4f6b-833b-d7081702f253')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "06a78e20-9358-41c9-923c-fb736d382a4d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {},
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d63edb4a-c612-454d-b47d-191a724fcbf0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d63edb4a-c612-454d-b47d-191a724fcbf0')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9dfea752-dd46-4766-aed1-c355fa93fb91",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-9dfea752-dd46-4766-aed1-c355fa93fb91')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ca88aadc-6e2b-416c-9de2-5a0f01d1693f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. ,
  - definitionVersion: 1.*.*1.2.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9b597639-28e4-48eb-b506-56b05d366257",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-9b597639-28e4-48eb-b506-56b05d366257')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "438c38d2-3772-465a-a9cc-7a6666a275ce",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-438c38d2-3772-465a-a9cc-7a6666a275ce')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "95bccee9-a7f8-4bec-9ee9-62c3473701fc",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc')]"
      }
    },
  - groupNames: [4 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a21f8c92-9e22-4f09-b759-50500d1d2dda",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets ,
  - definitionVersion: 5.*.*-preview5.1.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-a21f8c92-9e22-4f09-b759-50500d1d2dda')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d2e7ea85-6b44-4317-a0be-1b951587f626",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities ,
  - definitionVersion: 5.*.*5.1.0,
  - parameters: {6 items
    - effect: {1 item
      - value: "[parameters('effect-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
      },
    - excludedNamespaces: {1 item
      - value: "[parameters('excludedNamespaces-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
      },
    - namespaces: {1 item
      - value: "[parameters('namespaces-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
      },
    - labelSelector: {1 item
      - value: "[parameters('labelSelector-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
      },
    - excludedContainers: {1 item
      - value: "[parameters('excludedContainers-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
      },
    - excludedImages: {1 item
      - value: "[parameters('excludedImages-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "13a6c84f-49a5-410a-b5df-5b880c3fe009",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-13a6c84f-49a5-410a-b5df-5b880c3fe009')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "057ef27e-665e-4328-8ea3-04b3122bd9fb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d31e5c31-63b2-4f12-887b-e49456834fa1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d31e5c31-63b2-4f12-887b-e49456834fa1')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0e6763cc-5078-4e64-889d-ff4d9a839047",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0e6763cc-5078-4e64-889d-ff4d9a839047')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b4dec045-250a-48c2-b5cc-e0c4eec8b5b4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b52376f7-9612-48a1-81cd-1ffe4b61032c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b52376f7-9612-48a1-81cd-1ffe4b61032c')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "12430be1-6cc8-4527-a9a8-e3d38f250096",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-12430be1-6cc8-4527-a9a8-e3d38f250096')]"
      },
    - modeRequirement: {1 item
      - value: "[parameters('modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096')]"
      }
    },
  - groupNames: [4 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d8cf8476-a2ec-4916-896e-992351803c44",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - maximumDaysToRotate: {1 item
      - value: "[parameters('maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-d8cf8476-a2ec-4916-896e-992351803c44')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b02aacc0-b073-424e-8298-42b22829ee0a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b02aacc0-b073-424e-8298-42b22829ee0a')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "245fc9df-fa96-4414-9a0b-3738c2f7341c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-245fc9df-fa96-4414-9a0b-3738c2f7341c')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-245fc9df-fa96-4414-9a0b-3738c2f7341c')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "af99038c-02fd-4a2f-ac24-386b62bf32de",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors ,
  - definitionVersion: 1.*.*-preview1.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-af99038c-02fd-4a2f-ac24-386b62bf32de')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "22730e10-96f6-4aac-ad84-9383d35b5917",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-22730e10-96f6-4aac-ad84-9383d35b5917')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "044985bb-afe1-42cd-8a36-9d5d42424537",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537 Storage account keys should not be expired ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-044985bb-afe1-42cd-8a36-9d5d42424537')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ea4d6841-2173-4317-9747-ff522a45120f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ea4d6841-2173-4317-9747-ff522a45120f')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d38668f5-d155-42c7-ab3d-9b57b50f8fbf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "abda6d70-9778-44e7-84a8-06713e6db027",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation ,
  - definitionVersion: 1.*.*1.2.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-abda6d70-9778-44e7-84a8-06713e6db027')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "090c7b07-b4ed-4561-ad20-e9075f3ccaff",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0564d078-92f5-4f97-8398-b9f58a51f70b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0564d078-92f5-4f97-8398-b9f58a51f70b')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "17f4b1cc-c55c-4d94-b1f9-2978f6ac2957",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c95c74d9-38fe-4f0d-af86-0c7d626a315c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a1302fb-a631-4106-9753-f3d494733990",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0a1302fb-a631-4106-9753-f3d494733990')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b954148f-4c11-4c38-8221-be76711e194a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a')]"
      },
    - operationName: {1 item
      - value: "[parameters('operationName-b954148f-4c11-4c38-8221-be76711e194a')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {5 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
      },
    - NetworkAccessRemotelyAccessibleRegistryPaths: {1 item
      - value: "[parameters('NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
      },
    - NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths: {1 item
      - value: "[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
      },
    - NetworkAccessSharesThatCanBeAccessedAnonymously: {1 item
      - value: "[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0fea8f8a-4169-495d-8307-30ec335f387d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0fea8f8a-4169-495d-8307-30ec335f387d')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f110a506-2dcb-422e-bcea-d533fc8c35e2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effects: {1 item
      - value: "[parameters('effects-f110a506-2dcb-422e-bcea-d533fc8c35e2')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bfecdea6-31c4-4045-ad42-71b9dc87247d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-bfecdea6-31c4-4045-ad42-71b9dc87247d')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "19dd1db6-f442-49cf-a838-b0786b4401ef",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-19dd1db6-f442-49cf-a838-b0786b4401ef')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d9844e8a-1437-4aeb-a32c-0c992f056095",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d9844e8a-1437-4aeb-a32c-0c992f056095')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ee984370-154a-4ee8-9726-19d900e56fc0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-ee984370-154a-4ee8-9726-19d900e56fc0')]"
      },
    - AccountsGuestAccountStatus: {1 item
      - value: "[parameters('AccountsGuestAccountStatus-ee984370-154a-4ee8-9726-19d900e56fc0')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-ee984370-154a-4ee8-9726-19d900e56fc0')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1f90fc71-a595-4066-8974-d4d0802e8ef0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1f90fc71-a595-4066-8974-d4d0802e8ef0')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f85bf3e0-d513-442e-89c3-1784ad63382b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f85bf3e0-d513-442e-89c3-1784ad63382b')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "78215662-041e-49ed-a9dd-5385911b3a1f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation ,
  - definitionVersion: 1.*.*1.2.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-78215662-041e-49ed-a9dd-5385911b3a1f')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "df73bd95-24da-4a4f-96b9-4e8b94b402bd",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd')]"
      },
    - endpointType: {1 item
      - value: "[parameters('endpointType-df73bd95-24da-4a4f-96b9-4e8b94b402bd')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1c988dd6-ade4-430f-a608-2a3e5b0a6d38",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d550e854-df1a-4de9-bf44-cd894b39a95e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d550e854-df1a-4de9-bf44-cd894b39a95e')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1dc2fc00-2245-4143-99f4-874c937f13ef",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1dc2fc00-2245-4143-99f4-874c937f13ef')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "051cba44-2429-45b9-9649-46cec11c7119",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-051cba44-2429-45b9-9649-46cec11c7119')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "672fe5a1-2fcd-42d7-b85d-902b6e28c6ff",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines ,
  - definitionVersion: 6.*.*-preview6.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-672fe5a1-2fcd-42d7-b85d-902b6e28c6ff')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e71308d3-144b-4262-b144-efdc3cc90517",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-e71308d3-144b-4262-b144-efdc3cc90517')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5d4e3c65-4873-47be-94f3-6f8b953a3598",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-5d4e3c65-4873-47be-94f3-6f8b953a3598')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66')]"
      }
    },
  - groupNames: [4 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c3d20c29-b36d-48fe-808b-99a87530ad99",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c3d20c29-b36d-48fe-808b-99a87530ad99')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f9be5368-9bf5-4b84-9e0a-7850da98bb46",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6c53d030-cc64-46f0-906d-2bc061cd1334",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-6c53d030-cc64-46f0-906d-2bc061cd1334')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8405fdab-1faf-48aa-b702-999c9c172094",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-8405fdab-1faf-48aa-b702-999c9c172094')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b5ec538c-daa0-4006-8596-35468b9148e8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b5ec538c-daa0-4006-8596-35468b9148e8')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "21a6bc25-125e-4d13-b82d-2e19b7208ab7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6ba6d016-e7c3-4842-b8f2-4992ebc0d72d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1bc02227-0cb6-4e11-8f53-eb0b22eab7e8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a075868-4c26-42ef-914c-5bc007359560",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period ,
  - definitionVersion: 2.*.*2.2.1,
  - parameters: {2 items
    - maximumValidityInMonths: {1 item
      - value: "[parameters('maximumValidityInMonths-0a075868-4c26-42ef-914c-5bc007359560')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-0a075868-4c26-42ef-914c-5bc007359560')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "56fd377d-098c-4f02-8406-81eb055902b8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-56fd377d-098c-4f02-8406-81eb055902b8')]"
      }
    },
  - groupNames: [1 item
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "e2dd799a-a932-4e9d-ac17-d473bc3c6c10",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images ,
  - definitionVersion: 2.*.*2.1.0,
  - parameters: {3 items
    - listOfImageIdToInclude_windows: {1 item
      - value: "[parameters('listOfImageIdToInclude_windows-e2dd799a-a932-4e9d-ac17-d473bc3c6c10')]"
      },
    - listOfImageIdToInclude_linux: {1 item
      - value: "[parameters('listOfImageIdToInclude_linux-e2dd799a-a932-4e9d-ac17-d473bc3c6c10')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "deeddb44-9f94-4903-9fa0-081d524406e3",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup ,
  - definitionVersion: 2.*.*-preview2.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-deeddb44-9f94-4903-9fa0-081d524406e3')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9')]"
      }
    },
  - groupNames: [2 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "9f061a12-e40d-4183-a00e-171812443373",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace ,
  - definitionVersion: 4.*.*4.2.0,
  - parameters: {6 items
    - source: {1 item
      - value: "[parameters('source-9f061a12-e40d-4183-a00e-171812443373')]"
      },
    - warn: {1 item
      - value: "[parameters('warn-9f061a12-e40d-4183-a00e-171812443373')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-9f061a12-e40d-4183-a00e-171812443373')]"
      },
    - excludedNamespaces: {1 item
      - value: "[parameters('excludedNamespaces-9f061a12-e40d-4183-a00e-171812443373')]"
      },
    - namespaces: {1 item
      - value: "[parameters('namespaces-9f061a12-e40d-4183-a00e-171812443373')]"
      },
    - labelSelector: {1 item
      - value: "[parameters('labelSelector-9f061a12-e40d-4183-a00e-171812443373')]"
      }
    },
  - groupNames: [3 items
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
    - "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
    ]
  }
],
policyDefinitionGroups: [8 items
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.1",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.1"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.7",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.7"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.11",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.11"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.5",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.5"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.6",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.6"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.4",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.4"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.8",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.8"
  },
- {2 items
  - name: "FBI_Criminal_Justice_Information_Services_v5.9.5_5.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/FBI_Criminal_Justice_Information_Services_v5.9.5_5.3"
  }
],
versions: [7 items
- "1.6.0",
- "1.5.0",
- "1.4.0",
- "1.3.0",
- "1.2.0",
- "1.1.0",
- "1.0.0"
]

}