ISO/IEC 27001 2022

Azure BuiltIn Policy Initiative (PolicySet)

Policy types

Policy states

Policy categories

Total Policies: 62
Builtin Policies: 62
Static Policies: 0

GA: 60
Preview: 2

23 categories:

API for FHIR: 1
App Configuration: 1
Automation: 1
Azure Data Explorer: 2
Cache: 1
Compute: 2
Container Instance: 1
Cosmos DB: 1
Data Lake: 2
Event Hub: 1
General: 1
Guest Configuration: 6
Internet of Things: 1
Key Vault: 2
Kubernetes: 2
Logic Apps: 1
Machine Learning: 1
Monitoring: 7
Security Center: 18
Service Bus: 1
SQL: 5
Storage: 2
Stream Analytics: 2

Rows: 1-10 / 62

Records:

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Page of 7

Policy DisplayName

Policy Id

Category

Version

Versioning

Effect

Roles#

Roles

State

policy in AzUSGov

[Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed

8dfab9c4-fe7b-49ad-85e4-1e9be085358f

Kubernetes

6.0.0-preview

1x
6.0.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets

f655e522-adff-494d-95c2-52d4f6d56a42

Security Center

3.1.0-preview

1x
3.1.0-preview

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

Preview

true

A vulnerability assessment solution should be enabled on your virtual machines

501541f7-f7e7-4cd6-868c-4190fdad3ac9

Security Center

3.0.0

1x
3.0.0

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

true

Activity log should be retained for at least one year

b02aacc0-b073-424e-8298-42b22829ee0a

Monitoring

1.0.0

1x
1.0.0

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

true

An activity log alert should exist for specific Administrative operations

b954148f-4c11-4c38-8221-be76711e194a

Monitoring

1.0.0

1x
1.0.0

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

true

An activity log alert should exist for specific Policy operations

c5447c04-a4d7-4ba8-a263-c9ee321a6858

Monitoring

3.0.0

1x
3.0.0

Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled

true

App Configuration should use a customer-managed key

967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1

App Configuration

1.1.0

1x
1.1.0

Default
Audit
Allowed
Audit, Deny, Disabled

unknown

Audit resource location matches resource group location

0a914e76-4921-4c19-b460-a2d36003525a

General

2.0.0

1x
2.0.0

Fixed
audit

unknown

Audit Windows machines missing any of specified members in the Administrators group

30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7

Guest Configuration

2.0.0

1x
2.0.0

Fixed
auditIfNotExists

true

Audit Windows machines that have the specified members in the Administrators group

69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f

Guest Configuration

2.0.0

1x
2.0.0

Fixed
auditIfNotExists

true

Date/Time (UTC ymd) (i)

Changes

2025-05-09 17:29:42

Version change: '1.0.0' to '1.1.0'
remove Policy [Deprecated]: Virtual machines should have the Log Analytics extension installed (a70ca396-0a34-413a-88e1-b956c1e683be)

2025-01-30 19:27:00

add Initiative 5e4ff661-23bf-42fa-8e3a-309a55091cc7

{

displayName: "ISO/IEC 27001 2022",
policyType: "BuiltIn",
description: "International standard for managing information security via an Information Security Management System (ISMS).",
metadata: {2 items
- version: "1.1.0",
- category: "Regulatory Compliance"
},
version: "1.1.0",
parameters: {83 items
- effect-81e74cea-30fd-40d5-802f-d72103c2aaaa: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-f655e522-adff-494d-95c2-52d4f6d56a42: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a2a5b911-5617-447e-a49e-59dbe0e0434b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-a2a5b911-5617-447e-a49e-59dbe0e0434b: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-a1181c5f-672a-477a-979a-7d58aa086233: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-3e596b57-105f-48a6-be97-03e9243bad6e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-3dc5edcd-002d-444c-b216-e123bbfa37c0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-33936777-f2ac-45aa-82ec-07958ec9ade4: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits-33936777-f2ac-45aa-82ec-07958ec9ade4: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit: Shut down system immediately if unable to log security audits",
    - description: "Audits if the system will shut down when unable to log Security events."
    },
  - defaultValue: "0"
  },
- effect-33936777-f2ac-45aa-82ec-07958ec9ade4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-83a214f7-d01a-484b-91a9-ed54470c9a6a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-18adea5e-f416-4d0f-8aa8-d24321e3e274: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-afe0c3be-ba3b-4544-ba52-0c99672a8ad6: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days if exporting to an Azure Storage account"
    },
  - defaultValue: "365"
  },
- effect-efbde977-ba53-4479-b8e9-10b957924fbf: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-f4b53539-8df9-40e4-86c6-6b607703bd4e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Disabled",
    - "Deny"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f: {2 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Members to exclude",
    - description: "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"
    }
  },
- effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- allowedEncryptionSets-d461a302-a187-421a-89ac-84acdb4edc04: {2 items
  - type: "Array",
  - metadata: {3 items
    - displayName: "Allowed disk encryption set",
    - description: "The list of allowed disk encryption sets for managed disks.",
    - strongType: "Microsoft.Compute/diskEncryptionSets"
    }
  },
- effect-d461a302-a187-421a-89ac-84acdb4edc04: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-ca91455f-eace-4f96-be59-e6e2c35b4816: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-a70ca396-0a34-413a-88e1-b956c1e683be: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects",
    - deprecated: true
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "Disabled"
  },
- effect-7796937f-307b-4598-941c-67d3a05ebfe7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-6581d072-105e-4418-827f-bd446d56421b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-ae89ebca-1c92-4898-ac2c-9f63decb045c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Operation Name",
    - description: "Policy Operation name for which activity log alert should exist"
    },
  - allowedValues: [2 items
    - "Microsoft.Authorization/policyAssignments/write",
    - "Microsoft.Authorization/policyAssignments/delete"
    ]
  },
- effect-cf820ca0-f99e-4f3e-84fb-66e913812d21: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-34f95f76-5386-4de7-b824-0d8478470c9d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9: {4 items
  - type: "String",
  - metadata: {1 item
    - displayName: "Desired Auditing setting"
    },
  - allowedValues: [2 items
    - "enabled",
    - "disabled"
    ],
  - defaultValue: "enabled"
  },
- effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-7926a6d1-b268-4586-8197-e8ae90c877d7: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- IncludeArcMachines-58383b73-94a9-4414-b382-4146eb02611b: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- AuditProcessTermination-58383b73-94a9-4414-b382-4146eb02611b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Audit Process Termination",
    - description: "Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes."
    },
  - allowedValues: [4 items
    - "No Auditing",
    - "Success",
    - "Failure",
    - "Success and Failure"
    ],
  - defaultValue: "No Auditing"
  },
- effect-58383b73-94a9-4414-b382-4146eb02611b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0a370ff3-6cab-4e85-8995-295fd854c5b8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-057ef27e-665e-4328-8ea3-04b3122bd9fb: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-d31e5c31-63b2-4f12-887b-e49456834fa1: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0e6763cc-5078-4e64-889d-ff4d9a839047: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-b02aacc0-b073-424e-8298-42b22829ee0a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-245fc9df-fa96-4414-9a0b-3738c2f7341c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-245fc9df-fa96-4414-9a0b-3738c2f7341c: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention (in days)"
    },
  - defaultValue: "365"
  },
- effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-b954148f-4c11-4c38-8221-be76711e194a: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- operationName-b954148f-4c11-4c38-8221-be76711e194a: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Operation Name",
    - description: "Administrative Operation name for which activity log alert should be configured"
    },
  - allowedValues: [10 items
    - "Microsoft.Sql/servers/firewallRules/write",
    - "Microsoft.Sql/servers/firewallRules/delete",
    - "Microsoft.Network/networkSecurityGroups/write",
    - "Microsoft.Network/networkSecurityGroups/delete",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/write",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/delete",
    - "Microsoft.Network/networkSecurityGroups/securityRules/write",
    - "Microsoft.Network/networkSecurityGroups/securityRules/delete",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
    - "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
    ]
  },
- effect-bfecdea6-31c4-4045-ad42-71b9dc87247d: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- effect-1f90fc71-a595-4066-8974-d4d0802e8ef0: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-f85bf3e0-d513-442e-89c3-1784ad63382b: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-051cba44-2429-45b9-9649-46cec11c7119: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "Audit",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  },
- IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7: {4 items
  - type: "String",
  - metadata: {3 items
    - displayName: "Include Arc connected servers",
    - description: "By selecting this option, you agree to be charged monthly per Arc connected machine.",
    - portalReview: "true"
    },
  - allowedValues: [2 items
    - "true",
    - "false"
    ],
  - defaultValue: "false"
  },
- MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7: {2 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Members to include",
    - description: "A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"
    }
  },
- effect-c3d20c29-b36d-48fe-808b-99a87530ad99: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [2 items
    - "AuditIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "AuditIfNotExists"
  },
- requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Required retention (days)",
    - description: "The required resource logs retention in days"
    },
  - defaultValue: "365"
  },
- effect-b5ec538c-daa0-4006-8596-35468b9148e8: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
    - description: "For more information about effects, visit https://aka.ms/policyeffects"
    },
  - allowedValues: [3 items
    - "Audit",
    - "Deny",
    - "Disabled"
    ],
  - defaultValue: "Audit"
  }
},
policyDefinitions: [62 items
- {5 items
  - policyDefinitionReferenceId: "81e74cea-30fd-40d5-802f-d72103c2aaaa",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-81e74cea-30fd-40d5-802f-d72103c2aaaa')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f655e522-adff-494d-95c2-52d4f6d56a42",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets ,
  - definitionVersion: 3.*.*-preview3.1.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f655e522-adff-494d-95c2-52d4f6d56a42')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a2a5b911-5617-447e-a49e-59dbe0e0434b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-a2a5b911-5617-447e-a49e-59dbe0e0434b')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-a2a5b911-5617-447e-a49e-59dbe0e0434b')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a1181c5f-672a-477a-979a-7d58aa086233",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-a1181c5f-672a-477a-979a-7d58aa086233')]"
      }
    },
  - groupNames: [2 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3e596b57-105f-48a6-be97-03e9243bad6e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3e596b57-105f-48a6-be97-03e9243bad6e')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3dc5edcd-002d-444c-b216-e123bbfa37c0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. ,
  - definitionVersion: 1.*.*1.1.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3dc5edcd-002d-444c-b216-e123bbfa37c0')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "501541f7-f7e7-4cd6-868c-4190fdad3ac9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9')]"
      }
    },
  - groupNames: [2 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "33936777-f2ac-45aa-82ec-07958ec9ade4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
      },
    - AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits: {1 item
      - value: "[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "83a214f7-d01a-484b-91a9-ed54470c9a6a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "18adea5e-f416-4d0f-8aa8-d24321e3e274",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 1.*.*1.0.4,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-18adea5e-f416-4d0f-8aa8-d24321e3e274')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "afe0c3be-ba3b-4544-ba52-0c99672a8ad6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-afe0c3be-ba3b-4544-ba52-0c99672a8ad6')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "efbde977-ba53-4479-b8e9-10b957924fbf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-efbde977-ba53-4479-b8e9-10b957924fbf')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f4b53539-8df9-40e4-86c6-6b607703bd4e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f4b53539-8df9-40e4-86c6-6b607703bd4e')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0aa61e00-0a01-4a3c-9945-e93cffedf0e6",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]"
      },
    - MembersToExclude: {1 item
      - value: "[parameters('MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {4 items
  - policyDefinitionReferenceId: "0a914e76-4921-4c19-b460-a2d36003525a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location ,
  - definitionVersion: 2.*.*2.0.0,
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "22bee202-a82f-4305-9a2a-6d7f44d4dedb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "56a5ee18-2ae6-4810-86f7-18e39ce5629b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "8dfab9c4-fe7b-49ad-85e4-1e9be085358f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed ,
  - definitionVersion: 6.*.*-preview6.0.0-preview,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d461a302-a187-421a-89ac-84acdb4edc04",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - allowedEncryptionSets: {1 item
      - value: "[parameters('allowedEncryptionSets-d461a302-a187-421a-89ac-84acdb4edc04')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-d461a302-a187-421a-89ac-84acdb4edc04')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "3bc8a0d5-38e0-4a3d-a657-2cb64468fc34",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ca91455f-eace-4f96-be59-e6e2c35b4816",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ca91455f-eace-4f96-be59-e6e2c35b4816')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "4da35fc9-c9e7-4960-aec9-797fe7d9051d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7796937f-307b-4598-941c-67d3a05ebfe7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7796937f-307b-4598-941c-67d3a05ebfe7')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "6581d072-105e-4418-827f-bd446d56421b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled ,
  - definitionVersion: 1.*.*1.0.2,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-6581d072-105e-4418-827f-bd446d56421b')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ae89ebca-1c92-4898-ac2c-9f63decb045c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ae89ebca-1c92-4898-ac2c-9f63decb045c')]"
      }
    },
  - groupNames: [2 items
    - "ISO_IEC_27001_2022_6.3",
    - "ISO_IEC_27001_2022_8.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled ,
  - definitionVersion: 3.*.*3.1.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "adbe85b5-83e6-4350-ab58-bf3a4f736e5e",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c5447c04-a4d7-4ba8-a263-c9ee321a6858",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
      },
    - operationName: {1 item
      - value: "[parameters('operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "cf820ca0-f99e-4f3e-84fb-66e913812d21",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "34f95f76-5386-4de7-b824-0d8478470c9d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled ,
  - definitionVersion: 5.*.*5.1.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-34f95f76-5386-4de7-b824-0d8478470c9d')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
      },
    - setting: {1 item
      - value: "[parameters('setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ac01ad65-10e5-46df-bdd9-6b0cad13e1d2",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "7926a6d1-b268-4586-8197-e8ae90c877d7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-7926a6d1-b268-4586-8197-e8ae90c877d7')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "58383b73-94a9-4414-b382-4146eb02611b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' ,
  - definitionVersion: 3.*.*3.0.0,
  - parameters: {3 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-58383b73-94a9-4414-b382-4146eb02611b')]"
      },
    - AuditProcessTermination: {1 item
      - value: "[parameters('AuditProcessTermination-58383b73-94a9-4414-b382-4146eb02611b')]"
      },
    - effect: {1 item
      - value: "[parameters('effect-58383b73-94a9-4414-b382-4146eb02611b')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a370ff3-6cab-4e85-8995-295fd854c5b8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 2.*.*2.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0a370ff3-6cab-4e85-8995-295fd854c5b8')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "ca88aadc-6e2b-416c-9de2-5a0f01d1693f",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. ,
  - definitionVersion: 1.*.*1.2.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "057ef27e-665e-4328-8ea3-04b3122bd9fb",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d31e5c31-63b2-4f12-887b-e49456834fa1",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d31e5c31-63b2-4f12-887b-e49456834fa1')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0e6763cc-5078-4e64-889d-ff4d9a839047",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled ,
  - definitionVersion: 1.*.*1.0.3,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0e6763cc-5078-4e64-889d-ff4d9a839047')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b02aacc0-b073-424e-8298-42b22829ee0a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b02aacc0-b073-424e-8298-42b22829ee0a')]"
      }
    },
  - groupNames: [9 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_6.1.2",
    - "ISO_IEC_27001_2022_6.1.3",
    - "ISO_IEC_27001_2022_6.2",
    - "ISO_IEC_27001_2022_8.2",
    - "ISO_IEC_27001_2022_8.3",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_9.2.2",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "245fc9df-fa96-4414-9a0b-3738c2f7341c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-245fc9df-fa96-4414-9a0b-3738c2f7341c')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-245fc9df-fa96-4414-9a0b-3738c2f7341c')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "d38668f5-d155-42c7-ab3d-9b57b50f8fbf",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c95c74d9-38fe-4f0d-af86-0c7d626a315c",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b954148f-4c11-4c38-8221-be76711e194a",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a')]"
      },
    - operationName: {1 item
      - value: "[parameters('operationName-b954148f-4c11-4c38-8221-be76711e194a')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "bfecdea6-31c4-4045-ad42-71b9dc87247d",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d Storage account encryption scopes should use double encryption for data at rest ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-bfecdea6-31c4-4045-ad42-71b9dc87247d')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1f90fc71-a595-4066-8974-d4d0802e8ef0",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1f90fc71-a595-4066-8974-d4d0802e8ef0')]"
      }
    },
  - groupNames: [2 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f85bf3e0-d513-442e-89c3-1784ad63382b",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) ,
  - definitionVersion: 1.*.*1.0.1,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-f85bf3e0-d513-442e-89c3-1784ad63382b')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_6.3",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_8.1",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "1c988dd6-ade4-430f-a608-2a3e5b0a6d38",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "051cba44-2429-45b9-9649-46cec11c7119",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119 Azure API for FHIR should use a customer-managed key to encrypt data at rest ,
  - definitionVersion: 1.*.*1.1.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-051cba44-2429-45b9-9649-46cec11c7119')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group ,
  - definitionVersion: 2.*.*2.0.0,
  - parameters: {2 items
    - IncludeArcMachines: {1 item
      - value: "[parameters('IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]"
      },
    - MembersToInclude: {1 item
      - value: "[parameters('MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "c3d20c29-b36d-48fe-808b-99a87530ad99",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-c3d20c29-b36d-48fe-808b-99a87530ad99')]"
      }
    },
  - groupNames: [4 items
    - "ISO_IEC_27001_2022_10.2",
    - "ISO_IEC_27001_2022_9.1",
    - "ISO_IEC_27001_2022_7.5.3",
    - "ISO_IEC_27001_2022_9.3.3"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f9be5368-9bf5-4b84-9e0a-7850da98bb46",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled ,
  - definitionVersion: 5.*.*5.0.0,
  - parameters: {2 items
    - effect: {1 item
      - value: "[parameters('effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
      },
    - requiredRetentionDays: {1 item
      - value: "[parameters('requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_9.1"
    ]
  },
- {5 items
  - policyDefinitionReferenceId: "b5ec538c-daa0-4006-8596-35468b9148e8",
  - policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8 Storage account encryption scopes should use customer-managed keys to encrypt data at rest ,
  - definitionVersion: 1.*.*1.0.0,
  - parameters: {1 item
    - effect: {1 item
      - value: "[parameters('effect-b5ec538c-daa0-4006-8596-35468b9148e8')]"
      }
    },
  - groupNames: [1 item
    - "ISO_IEC_27001_2022_7.5.3"
    ]
  }
],
policyDefinitionGroups: [12 items
- {2 items
  - name: "ISO_IEC_27001_2022_7.5.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_7.5.3"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_6.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_6.3"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_8.1",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_8.1"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_9.3.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_9.3.3"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_9.1",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_9.1"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_10.2",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_10.2"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_6.1.2",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_6.1.2"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_6.1.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_6.1.3"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_6.2",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_6.2"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_8.2",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_8.2"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_8.3",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_8.3"
  },
- {2 items
  - name: "ISO_IEC_27001_2022_9.2.2",
  - additionalMetadataId: "/providers/Microsoft.PolicyInsights/policyMetadata/ISO_IEC_27001_2022_9.2.2"
  }
],
versions: [2 items
- "1.1.0",
- "1.0.0"
]

}