AzInitiativeAdvertizer

last sync: 2021-Mar-03 15:53:02 UTC

Azure Policy Initiative

[Preview]: CIS Microsoft Azure Foundations Benchmark 1.3.0

Name[Preview]: CIS Microsoft Azure Foundations Benchmark 1.3.0
Azure Portal
Id612b5213-9160-4969-8578-1518bd2a000c
Version1.0.0-preview
details on versioning
CategoryRegulatory Compliance
Microsoft docs
DescriptionThis initiative includes policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative.
TypeBuiltIn
DeprecatedFalse
PreviewTrue
History
Date/Time (UTC ymd) (i) Changes
2021-02-17 14:28:42 add Initiative 612b5213-9160-4969-8578-1518bd2a000c
Policy count Total Policies: 97
Builtin Policies: 97
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
[Preview]: Key Vault keys should have an expiration date 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)		 Preview
[Preview]: Key Vault secrets should have an expiration date 98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)		 Preview
[Preview]: Storage account public access should be disallowed 4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage Default: audit
Allowed: (audit, deny, disabled)		 Preview
Advanced data security should be enabled on SQL Managed Instance abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Advanced data security should be enabled on your SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
An activity log alert should exist for specific Administrative operations b954148f-4c11-4c38-8221-be76711e194a Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
An activity log alert should exist for specific Policy operations c5447c04-a4d7-4ba8-a263-c9ee321a6858 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
An activity log alert should exist for specific Security operations 3b980d31-7904-4bb7-8575-5665739a8052 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Audit VMs that do not use managed disks 06a78e20-9358-41c9-923c-fb736d382a4d Compute Fixed: audit GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Authentication should be enabled on your API app c4ebc54a-46e1-481a-bee2-d4411e95d828 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Authentication should be enabled on your Function app c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Authentication should be enabled on your web app 95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Auto provisioning of the Log Analytics agent should be enabled on your subscription 475aae12-b88a-4572-8b36-9b712b2b3a17 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for App Service should be enabled 2913021d-f2fd-4f3d-b958-22354e2bdbcb Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for Azure SQL Database servers should be enabled 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for container registries should be enabled c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for Key Vault should be enabled 0e6763cc-5078-4e64-889d-ff4d9a839047 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for Kubernetes should be enabled 523b5cd1-3e23-492f-a539-13118b6d1e3a Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for servers should be enabled 4da35fc9-c9e7-4960-aec9-797fe7d9051d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for SQL servers on machines should be enabled 6581d072-105e-4418-827f-bd446d56421b Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Azure Defender for Storage should be enabled 308fbb08-4ab8-4e67-9b29-592e93fb94fa Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Connection throttling should be enabled for PostgreSQL database servers 5345bb39-67dc-4960-a1bf-427e16b9a0bd SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Custom subscription owner roles should not exist 10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9 General Default: Audit
Allowed: (Audit, Disabled)		 GA
Diagnostic logs in App Services should be enabled b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Disconnections should be logged for PostgreSQL database servers. eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Disk encryption should be applied on virtual machines 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Email notification for high severity alerts should be enabled 6e2593d9-add6-4083-9c9b-4b7d2188c899 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af SQL Default: Audit
Allowed: (Audit, Disabled)		 GA
Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On' 0c192fe8-9cbb-4516-85b3-0ade8bd03886 App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
Ensure that 'HTTP Version' is the latest, if used to run the API app 991310cd-e9f3-47bc-b7b6-f57b557d07db App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'HTTP Version' is the latest, if used to run the Function app e2c1c086-2d84-4019-bff3-c44ccd95113c App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'HTTP Version' is the latest, if used to run the Web app 8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Java version' is the latest, if used as a part of the API app 88999f4c-376a-45c8-bcb3-4058f713cf39 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Java version' is the latest, if used as a part of the Function app 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Java version' is the latest, if used as a part of the Web app 496223c3-ad65-4ecd-878a-bae78737e9ed App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'PHP version' is the latest, if used as a part of the API app 1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'PHP version' is the latest, if used as a part of the WEB app 7261b898-8a84-4db8-9e04-18527132abb3 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Python version' is the latest, if used as a part of the API app 74c3584d-afae-46f7-a20a-6f8adba71a16 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Python version' is the latest, if used as a part of the Function app 7238174a-fd10-4ef0-817e-fc820a951d73 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure that 'Python version' is the latest, if used as a part of the Web app 7008174a-fd10-4ef0-817e-fc820a951d73 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On' 5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
FTPS only should be required in your API App 9a1b8c48-453a-4044-86c3-d8bfd823e4f5 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
FTPS only should be required in your Function App 399b2637-a50f-4f95-96f8-3a145476eb15 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
FTPS should be required in your Web App 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Function apps should have 'Client Certificates (Incoming client certificates)' enabled eaebaea7-8013-4ceb-9d14-7eb32271373c App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
Key vaults should have purge protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Latest TLS version should be used in your API App 8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Latest TLS version should be used in your Function App f9d614c5-c173-4d56-95a7-b4437057d193 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Latest TLS version should be used in your Web App f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Log checkpoints should be enabled for PostgreSQL database servers eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Log connections should be enabled for PostgreSQL database servers eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Managed identity should be used in your API App c4d441f8-f9d9-4a9e-9cef-e82117cb3eef App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Managed identity should be used in your Function App 0da106f2-4ca3-48e8-bc85-c638fe6aea8f App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Managed identity should be used in your Web App 2b9ad585-36bc-4615-b300-fd4435808332 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
MFA should be enabled accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Only approved VM extensions should be installed c0e996f8-39cf-4af9-9f45-83fbde810432 Compute Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
RDP access from the Internet should be blocked e372f825-a257-4fb8-9175-797a8a8627d6 Network Default: Audit
Allowed: (Audit, Disabled)		 GA
Resource logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb Data Lake Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c Data Lake Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a Event Hub Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Resource logs in Virtual Machine Scale Sets should be enabled 7c1b1214-f927-48bf-8882-84f0af6588b1 Compute Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default: Audit
Allowed: (Audit, Disabled)		 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
SQL managed instances should use customer-managed keys to encrypt data at rest 048248b0-55cd-46da-b1ff-39efd52db260 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL servers should be configured with 90 days auditing retention or higher 89099bee-89e0-4b26-a5f4-165451757743 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SQL servers should use customer-managed keys to encrypt data at rest 0d134df8-db83-46fb-ad72-fe0c9428c8dd SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
SSH access from the Internet should be blocked 2c89a2e5-7285-40fe-afe0-ae8654b92fab Network Default: Audit
Allowed: (Audit, Disabled)		 GA
Storage account containing the container with activity logs must be encrypted with BYOK fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Storage accounts should allow access from trusted Microsoft services c9d007d0-c057-4772-b18c-01e546713bcd Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Storage accounts should restrict network access using virtual network rules 2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage Default: Audit
Allowed: (Audit, Deny, Disabled)		 GA
Storage accounts should use customer-managed key for encryption 6fac406b-40ca-413b-bf8e-0bf964659c25 Storage Default: Audit
Allowed: (Audit, Disabled)		 GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Unattached disks should be encrypted 2c89a2e5-7285-40fe-afe0-ae8654b92fb2 Compute Default: Audit
Allowed: (Audit, Disabled)		 GA
Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports 057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)		 GA
Web Application should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service Default: Audit
Allowed: (Audit, Disabled)		 GA
Json 
{
  "properties": {
  "displayName": "[Preview]: CIS Microsoft Azure Foundations Benchmark 1.3.0",
    "policyType": "BuiltIn",
    "description": "This initiative includes policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative.",
    "metadata": {
      "version": "1.0.0-preview",
      "preview": true,
      "category": "Regulatory Compliance"
    },
    "parameters": {
      "effect-aa633080-8b72-40c4-a2d7-d00c03e80bed": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: MFA should be enabled on accounts with owner permissions on your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-9297c21d-2ed6-4474-b48f-163f75654ce3": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: MFA should be enabled accounts with write permissions on your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-e3576e28-8b17-4677-84c3-db2990658d64": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: MFA should be enabled on accounts with read permissions on your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: External accounts with read permissions should be removed from your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: External accounts with write permissions should be removed from your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-f8456c1c-aa66-4dfb-861a-25d127b775c9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: External accounts with owner permissions should be removed from your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Custom subscription owner roles should not exist",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for servers should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for App Service should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for Azure SQL Database servers should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-6581d072-105e-4418-827f-bd446d56421b": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for SQL servers on machines should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for Storage should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-523b5cd1-3e23-492f-a539-13118b6d1e3a": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for Kubernetes should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for container registries should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Azure Defender for Key Vault should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Subscriptions should have a contact email address for security issues",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Email notification for high severity alerts should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-404c3081-a854-4457-ae30-26a93ef643f9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Secure transfer to storage accounts should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Storage account public access should be disallowed",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "audit",
          "deny",
          "disabled"
        ],
        "defaultValue": "audit"
      },
      "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Storage accounts should restrict network access",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Storage accounts should restrict network access using virtual network rules",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Storage accounts should allow access from trusted Microsoft services",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-6fac406b-40ca-413b-bf8e-0bf964659c25": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Storage account should use customer-managed key for encryption",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Auditing on SQL server should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Required auditing setting for SQL servers"
        },
        "allowedValues": [
          "enabled",
          "disabled"
        ],
        "defaultValue": "enabled"
      },
      "effect-17k78e20-9358-41c9-923c-fb736d382a12": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Transparent Data Encryption on SQL databases should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-89099bee-89e0-4b26-a5f4-165451757743": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: SQL servers should be configured with 90 days auditing retention or higher.",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Advanced data security should be enabled on your SQL servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Advanced data security should be enabled on SQL Managed Instance",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Vulnerability assessment should be enabled on your SQL servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Vulnerability assessment should be enabled on SQL Managed Instance",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Enforce SSL connection should be enabled for MySQL database servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Enforce SSL connection should be enabled for PostgreSQL database servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Log checkpoints should be enabled for PostgreSQL database servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Log connections should be enabled for PostgreSQL database servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Disconnections should be logged for PostgreSQL database servers.",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Connection throttling should be enabled for PostgreSQL database servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An Azure Active Directory administrator should be provisioned for SQL servers",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: SQL servers should use customer-managed keys to encrypt data at rest",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-048248b0-55cd-46da-b1ff-39efd52db260": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: SQL managed instances should use customer-managed keys to encrypt data at rest",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Storage account containing the container with activity logs must be encrypted with BYOK",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Policy operations (Microsoft.Authorization/policyAssignments/write)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Policy operations (Microsoft.Authorization/policyAssignments/delete)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/write)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/delete)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/securityRules/write)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Security operations (Microsoft.Security/securitySolutions/write)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Security operations (Microsoft.Security/securitySolutions/delete)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Sql/servers/firewallRules/write)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Sql/servers/firewallRules/delete)",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Key Vault should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "requiredRetentionDays": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Required retention period (days) for resource logs",
          "description": "For more information about resource logs, visit https://aka.ms/resourcelogs"
        },
        "defaultValue": "365"
      },
      "effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in App Services should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-428256e6-1fac-4f48-a757-df34c2b3336d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Batch accounts should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-7c1b1214-f927-48bf-8882-84f0af6588b1": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1": {
        "type": "Boolean",
        "metadata": {
        "displayName": "[Preview]: Include AKS clusters when auditing if virtual machine scale set resource logs are enabled"
        },
        "defaultValue": false
      },
      "effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Azure Data Lake Store should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Data Lake Analytics should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Event Hub should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in IoT Hub should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-34f95f76-5386-4de7-b824-0d8478470c9d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Logic Apps should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Search services should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Service Bus should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Resource logs in Azure Stream Analytics should be enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-e372f825-a257-4fb8-9175-797a8a8627d6": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: RDP access from the Internet should be blocked",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: SSH access from the Internet should be blocked",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: List of regions where Network Watcher should be enabled",
          "description": "To see a complete list of regions, run the PowerShell command Get-AzLocation",
          "strongType": "location"
        },
        "defaultValue": [
          
        ]
      },
      "resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Name of the resource group for Network Watcher",
          "description": "Name of the resource group where Network Watchers are located"
        },
        "defaultValue": "NetworkWatcherRG"
      },
      "effect-0961003e-5a0a-4549-abde-af6a37f2724d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Disk encryption should be applied on virtual machines",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Unattached disks should be encrypted",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-c0e996f8-39cf-4af9-9f45-83fbde810432": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Only approved VM extensions should be installed",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432": {
        "type": "Array",
        "metadata": {
        "displayName": "[Preview]: List of virtual machine extensions that are approved for use",
          "description": "A semicolon-separated list of virtual machine extensions; to see a complete list of extensions, use the Azure PowerShell command Get-AzVMExtensionImage"
        },
        "defaultValue": [
          "AzureDiskEncryption",
          "AzureDiskEncryptionForLinux",
          "DependencyAgentWindows",
          "DependencyAgentLinux",
          "IaaSAntimalware",
          "IaaSDiagnostics",
          "LinuxDiagnostic",
          "MicrosoftMonitoringAgent",
          "NetworkWatcherAgentLinux",
          "NetworkWatcherAgentWindows",
          "OmsAgentForLinux",
          "VMSnapshot",
          "VMSnapshotLinux"
        ]
      },
      "effect-86b3d65f-7626-441e-b690-81a8b71cff60": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: System updates should be installed on your machines",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Monitor missing Endpoint Protection in Azure Security Center",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Keys should have expiration dates set",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-98728c90-32c7-4049-8429-847dc0f4fe37": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Secrets should have expiration dates set",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Key vault should have purge protection enabled",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes Services",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-c4ebc54a-46e1-481a-bee2-d4411e95d828": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Authentication should be enabled on your API app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Authentication should be enabled on your Function app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Authentication should be enabled on your web app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-a4af4a39-4135-47fb-b175-47fbdf85311d": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Web Application should only be accessible over HTTPS",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Latest TLS version should be used in your API App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-f9d614c5-c173-4d56-95a7-b4437057d193": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Latest TLS version should be used in your Function App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Latest TLS version should be used in your Web App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-eaebaea7-8013-4ceb-9d14-7eb32271373c": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure Function app has 'Client Certificates (Incoming client certificates)' set to 'On'",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-5bb220d9-2698-4ee4-8404-b9c30c9df609": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Managed identity should be used in your API App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Managed identity should be used in your Function App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-2b9ad585-36bc-4615-b300-fd4435808332": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Managed identity should be used in your Web App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'PHP version' is the latest, if used as a part of the API app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "PHPLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest PHP version for App Services",
          "description": "Latest supported PHP version for App Services"
        },
        "defaultValue": "7.3"
      },
      "effect-7261b898-8a84-4db8-9e04-18527132abb3": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'PHP version' is the latest, if used as a part of the WEB app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-74c3584d-afae-46f7-a20a-6f8adba71a16": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the API app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "LinuxPythonLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest Python version for Linux for App Services",
          "description": "Latest supported Python version for App Services"
        },
        "defaultValue": "3.8"
      },
      "effect-7238174a-fd10-4ef0-817e-fc820a951d73": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the Function app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-7008174a-fd10-4ef0-817e-fc820a951d73": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the Web app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-88999f4c-376a-45c8-bcb3-4058f713cf39": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the API app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "JavaLatestVersion": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Latest Java version for App Services",
          "description": "Latest supported Java version for App Services"
        },
        "defaultValue": "11"
      },
      "effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the Function app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-496223c3-ad65-4ecd-878a-bae78737e9ed": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the Web app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-991310cd-e9f3-47bc-b7b6-f57b557d07db": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the API app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the Function app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the Web app",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: FTPS only should be required in your API App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-399b2637-a50f-4f95-96f8-3a145476eb15": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: FTPS only should be required in your Function App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      },
      "effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b": {
        "type": "String",
        "metadata": {
        "displayName": "[Preview]: Effect for policy: FTPS should be required in your Web App",
          "description": "For more information about effects, visit https://aka.ms/policyeffects"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "aa633080-8b72-40c4-a2d7-d00c03e80bed",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-aa633080-8b72-40c4-a2d7-d00c03e80bed')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "9297c21d-2ed6-4474-b48f-163f75654ce3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-9297c21d-2ed6-4474-b48f-163f75654ce3')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "e3576e28-8b17-4677-84c3-db2990658d64",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-e3576e28-8b17-4677-84c3-db2990658d64')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "5c607a2e-c700-4744-8254-d77e7c9eb5e4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f8456c1c-aa66-4dfb-861a-25d127b775c9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-f8456c1c-aa66-4dfb-861a-25d127b775c9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_1.21"
        ]
      },
      {
        "policyDefinitionReferenceId": "4da35fc9-c9e7-4960-aec9-797fe7d9051d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "2913021d-f2fd-4f3d-b958-22354e2bdbcb",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "6581d072-105e-4418-827f-bd446d56421b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-6581d072-105e-4418-827f-bd446d56421b')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "523b5cd1-3e23-492f-a539-13118b6d1e3a",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-523b5cd1-3e23-492f-a539-13118b6d1e3a')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "c25d9a16-bc35-4e15-a7e5-9db606bf9ed4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.7"
        ]
      },
      {
        "policyDefinitionReferenceId": "0e6763cc-5078-4e64-889d-ff4d9a839047",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-0e6763cc-5078-4e64-889d-ff4d9a839047')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.11"
        ]
      },
      {
        "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.13"
        ]
      },
      {
        "policyDefinitionReferenceId": "6e2593d9-add6-4083-9c9b-4b7d2188c899",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-6e2593d9-add6-4083-9c9b-4b7d2188c899')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_2.14"
        ]
      },
      {
        "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-404c3081-a854-4457-ae30-26a93ef643f9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_3.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_3.5",
          "CIS_Azure_1.3.0_5.1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-34c877ad-507e-4c82-993e-3452a6e0ad3c')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_3.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "2a1a9cdf-e04d-429a-8416-3bfb72a1b26f",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_3.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "c9d007d0-c057-4772-b18c-01e546713bcd",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c9d007d0-c057-4772-b18c-01e546713bcd')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_3.7"
        ]
      },
      {
        "policyDefinitionReferenceId": "6fac406b-40ca-413b-bf8e-0bf964659c25",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-6fac406b-40ca-413b-bf8e-0bf964659c25')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_3.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
          },
          "setting": {
          "value": "[parameters('setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.1.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "17k78e20-9358-41c9-923c-fb736d382a12",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-17k78e20-9358-41c9-923c-fb736d382a12')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.1.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "89099bee-89e0-4b26-a5f4-165451757743",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-89099bee-89e0-4b26-a5f4-165451757743')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.1.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.2.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.2.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.2.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.2.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.3.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.3.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.3.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "eb6f77b9-bd53-4e35-a23d-7f65d5f0e442",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.3.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "eb6f77b9-bd53-4e35-a23d-7f65d5f0e446",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.3.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "5345bb39-67dc-4960-a1bf-427e16b9a0bd",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.3.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "1f314764-cb73-4fc9-b863-8eca98ac36e9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-1f314764-cb73-4fc9-b863-8eca98ac36e9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "0d134df8-db83-46fb-ad72-fe0c9428c8dd",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "048248b0-55cd-46da-b1ff-39efd52db260",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-048248b0-55cd-46da-b1ff-39efd52db260')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_4.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "fbb99e8e-e444-4da0-9ff1-75c92f5a85b2",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.1.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "c5447c04-a4d7-4ba8-a263-c9ee321a6858-0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write')]"
          },
          "operationName": {
            "value": "Microsoft.Authorization/policyAssignments/write"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "c5447c04-a4d7-4ba8-a263-c9ee321a6858-1",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete')]"
          },
          "operationName": {
            "value": "Microsoft.Authorization/policyAssignments/delete"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write')]"
          },
          "operationName": {
            "value": "Microsoft.Network/networkSecurityGroups/write"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-1",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete')]"
          },
          "operationName": {
            "value": "Microsoft.Network/networkSecurityGroups/delete"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-2",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write')]"
          },
          "operationName": {
            "value": "Microsoft.Network/networkSecurityGroups/securityRules/write"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete')]"
          },
          "operationName": {
            "value": "Microsoft.Network/networkSecurityGroups/securityRules/delete"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "3b980d31-7904-4bb7-8575-5665739a8052-0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write')]"
          },
          "operationName": {
            "value": "Microsoft.Security/securitySolutions/write"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.7"
        ]
      },
      {
        "policyDefinitionReferenceId": "3b980d31-7904-4bb7-8575-5665739a8052-1",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete')]"
          },
          "operationName": {
            "value": "Microsoft.Security/securitySolutions/delete"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write')]"
          },
          "operationName": {
            "value": "Microsoft.Sql/servers/firewallRules/write"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-5",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete')]"
          },
          "operationName": {
            "value": "Microsoft.Sql/servers/firewallRules/delete"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.2.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "cf820ca0-f99e-4f3e-84fb-66e913812d21",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.1.5",
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "428256e6-1fac-4f48-a757-df34c2b3336d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-428256e6-1fac-4f48-a757-df34c2b3336d')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "7c1b1214-f927-48bf-8882-84f0af6588b1",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-7c1b1214-f927-48bf-8882-84f0af6588b1')]"
          },
          "includeAKSClusters": {
          "value": "[parameters('includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "057ef27e-665e-4328-8ea3-04b3122bd9fb",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "c95c74d9-38fe-4f0d-af86-0c7d626a315c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "83a214f7-d01a-484b-91a9-ed54470c9a6a",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "34f95f76-5386-4de7-b824-0d8478470c9d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-34f95f76-5386-4de7-b824-0d8478470c9d')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "b4330a05-a843-4bc8-bf9a-cacce50c67f4",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f9be5368-9bf5-4b84-9e0a-7850da98bb46",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
          },
          "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_5.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "e372f825-a257-4fb8-9175-797a8a8627d6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-e372f825-a257-4fb8-9175-797a8a8627d6')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_6.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fab",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_6.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
        "parameters": {
          "listOfLocations": {
          "value": "[parameters('listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6')]"
          },
          "resourceGroupName": {
          "value": "[parameters('resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_6.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "06a78e20-9358-41c9-923c-fb736d382a4d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
        "parameters": {
          
        },
        "groupNames": [
          "CIS_Azure_1.3.0_7.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "0961003e-5a0a-4549-abde-af6a37f2724d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-0961003e-5a0a-4549-abde-af6a37f2724d')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_7.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_7.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "c0e996f8-39cf-4af9-9f45-83fbde810432",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c0e996f8-39cf-4af9-9f45-83fbde810432')]"
          },
          "approvedExtensions": {
          "value": "[parameters('approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_7.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "86b3d65f-7626-441e-b690-81a8b71cff60",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-86b3d65f-7626-441e-b690-81a8b71cff60')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_7.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_7.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_8.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "98728c90-32c7-4049-8429-847dc0f4fe37",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-98728c90-32c7-4049-8429-847dc0f4fe37')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_8.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_8.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_8.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "c4ebc54a-46e1-481a-bee2-d4411e95d828",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c4ebc54a-46e1-481a-bee2-d4411e95d828')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "95bccee9-a7f8-4bec-9ee9-62c3473701fc",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.1"
        ]
      },
      {
        "policyDefinitionReferenceId": "a4af4a39-4135-47fb-b175-47fbdf85311d",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-a4af4a39-4135-47fb-b175-47fbdf85311d')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.2"
        ]
      },
      {
        "policyDefinitionReferenceId": "8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f9d614c5-c173-4d56-95a7-b4437057d193",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-f9d614c5-c173-4d56-95a7-b4437057d193')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.3"
        ]
      },
      {
        "policyDefinitionReferenceId": "0c192fe8-9cbb-4516-85b3-0ade8bd03886",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "eaebaea7-8013-4ceb-9d14-7eb32271373c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-eaebaea7-8013-4ceb-9d14-7eb32271373c')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "5bb220d9-2698-4ee4-8404-b9c30c9df609",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-5bb220d9-2698-4ee4-8404-b9c30c9df609')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.4"
        ]
      },
      {
        "policyDefinitionReferenceId": "c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "2b9ad585-36bc-4615-b300-fd4435808332",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-2b9ad585-36bc-4615-b300-fd4435808332')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.5"
        ]
      },
      {
        "policyDefinitionReferenceId": "1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba')]"
          },
          "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "7261b898-8a84-4db8-9e04-18527132abb3",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-7261b898-8a84-4db8-9e04-18527132abb3')]"
          },
          "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.6"
        ]
      },
      {
        "policyDefinitionReferenceId": "74c3584d-afae-46f7-a20a-6f8adba71a16",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-74c3584d-afae-46f7-a20a-6f8adba71a16')]"
          },
          "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.7"
        ]
      },
      {
        "policyDefinitionReferenceId": "7238174a-fd10-4ef0-817e-fc820a951d73",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-7238174a-fd10-4ef0-817e-fc820a951d73')]"
          },
          "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.7"
        ]
      },
      {
        "policyDefinitionReferenceId": "7008174a-fd10-4ef0-817e-fc820a951d73",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-7008174a-fd10-4ef0-817e-fc820a951d73')]"
          },
          "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.7"
        ]
      },
      {
        "policyDefinitionReferenceId": "88999f4c-376a-45c8-bcb3-4058f713cf39",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-88999f4c-376a-45c8-bcb3-4058f713cf39')]"
          },
          "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc')]"
          },
          "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "496223c3-ad65-4ecd-878a-bae78737e9ed",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-496223c3-ad65-4ecd-878a-bae78737e9ed')]"
          },
          "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.8"
        ]
      },
      {
        "policyDefinitionReferenceId": "991310cd-e9f3-47bc-b7b6-f57b557d07db",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-991310cd-e9f3-47bc-b7b6-f57b557d07db')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "e2c1c086-2d84-4019-bff3-c44ccd95113c",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-e2c1c086-2d84-4019-bff3-c44ccd95113c')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "8c122334-9d20-4eb8-89ea-ac9a705b74ae",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.9"
        ]
      },
      {
        "policyDefinitionReferenceId": "9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "399b2637-a50f-4f95-96f8-3a145476eb15",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-399b2637-a50f-4f95-96f8-3a145476eb15')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.10"
        ]
      },
      {
        "policyDefinitionReferenceId": "4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b",
        "parameters": {
          "effect": {
          "value": "[parameters('effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b')]"
          }
        },
        "groupNames": [
          "CIS_Azure_1.3.0_9.10"
        ]
      }
    ],
    "policyDefinitionGroups": [
      {
        "name": "CIS_Azure_1.3.0_1.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.1"
      },
      {
        "name": "CIS_Azure_1.3.0_1.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.2"
      },
      {
        "name": "CIS_Azure_1.3.0_1.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.3"
      },
      {
        "name": "CIS_Azure_1.3.0_1.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.4"
      },
      {
        "name": "CIS_Azure_1.3.0_1.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.5"
      },
      {
        "name": "CIS_Azure_1.3.0_1.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.6"
      },
      {
        "name": "CIS_Azure_1.3.0_1.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.7"
      },
      {
        "name": "CIS_Azure_1.3.0_1.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.8"
      },
      {
        "name": "CIS_Azure_1.3.0_1.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.9"
      },
      {
        "name": "CIS_Azure_1.3.0_1.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.10"
      },
      {
        "name": "CIS_Azure_1.3.0_1.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.11"
      },
      {
        "name": "CIS_Azure_1.3.0_1.12",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.12"
      },
      {
        "name": "CIS_Azure_1.3.0_1.13",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.13"
      },
      {
        "name": "CIS_Azure_1.3.0_1.14",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.14"
      },
      {
        "name": "CIS_Azure_1.3.0_1.15",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.15"
      },
      {
        "name": "CIS_Azure_1.3.0_1.16",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.16"
      },
      {
        "name": "CIS_Azure_1.3.0_1.17",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.17"
      },
      {
        "name": "CIS_Azure_1.3.0_1.18",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.18"
      },
      {
        "name": "CIS_Azure_1.3.0_1.19",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.19"
      },
      {
        "name": "CIS_Azure_1.3.0_1.20",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.20"
      },
      {
        "name": "CIS_Azure_1.3.0_1.21",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.21"
      },
      {
        "name": "CIS_Azure_1.3.0_1.22",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.22"
      },
      {
        "name": "CIS_Azure_1.3.0_1.23",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.23"
      },
      {
        "name": "CIS_Azure_1.3.0_2.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.1"
      },
      {
        "name": "CIS_Azure_1.3.0_2.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.2"
      },
      {
        "name": "CIS_Azure_1.3.0_2.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.3"
      },
      {
        "name": "CIS_Azure_1.3.0_2.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.4"
      },
      {
        "name": "CIS_Azure_1.3.0_2.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.5"
      },
      {
        "name": "CIS_Azure_1.3.0_2.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.6"
      },
      {
        "name": "CIS_Azure_1.3.0_2.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.7"
      },
      {
        "name": "CIS_Azure_1.3.0_2.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.8"
      },
      {
        "name": "CIS_Azure_1.3.0_2.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.9"
      },
      {
        "name": "CIS_Azure_1.3.0_2.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.10"
      },
      {
        "name": "CIS_Azure_1.3.0_2.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.11"
      },
      {
        "name": "CIS_Azure_1.3.0_2.12",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.12"
      },
      {
        "name": "CIS_Azure_1.3.0_2.13",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.13"
      },
      {
        "name": "CIS_Azure_1.3.0_2.14",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.14"
      },
      {
        "name": "CIS_Azure_1.3.0_2.15",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.15"
      },
      {
        "name": "CIS_Azure_1.3.0_3.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.1"
      },
      {
        "name": "CIS_Azure_1.3.0_3.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.2"
      },
      {
        "name": "CIS_Azure_1.3.0_3.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.3"
      },
      {
        "name": "CIS_Azure_1.3.0_3.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.4"
      },
      {
        "name": "CIS_Azure_1.3.0_3.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.5"
      },
      {
        "name": "CIS_Azure_1.3.0_3.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.6"
      },
      {
        "name": "CIS_Azure_1.3.0_3.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.7"
      },
      {
        "name": "CIS_Azure_1.3.0_3.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.8"
      },
      {
        "name": "CIS_Azure_1.3.0_3.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.9"
      },
      {
        "name": "CIS_Azure_1.3.0_3.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.10"
      },
      {
        "name": "CIS_Azure_1.3.0_3.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.11"
      },
      {
        "name": "CIS_Azure_1.3.0_4.1.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.1"
      },
      {
        "name": "CIS_Azure_1.3.0_4.1.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.2"
      },
      {
        "name": "CIS_Azure_1.3.0_4.1.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.3"
      },
      {
        "name": "CIS_Azure_1.3.0_4.2.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.1"
      },
      {
        "name": "CIS_Azure_1.3.0_4.2.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.2"
      },
      {
        "name": "CIS_Azure_1.3.0_4.2.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.3"
      },
      {
        "name": "CIS_Azure_1.3.0_4.2.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.4"
      },
      {
        "name": "CIS_Azure_1.3.0_4.2.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.5"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.1"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.2"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.3"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.4"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.5"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.6"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.7"
      },
      {
        "name": "CIS_Azure_1.3.0_4.3.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.8"
      },
      {
        "name": "CIS_Azure_1.3.0_4.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.4"
      },
      {
        "name": "CIS_Azure_1.3.0_4.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.5"
      },
      {
        "name": "CIS_Azure_1.3.0_5.1.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.1"
      },
      {
        "name": "CIS_Azure_1.3.0_5.1.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.2"
      },
      {
        "name": "CIS_Azure_1.3.0_5.1.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.3"
      },
      {
        "name": "CIS_Azure_1.3.0_5.1.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.4"
      },
      {
        "name": "CIS_Azure_1.3.0_5.1.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.5"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.1"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.2"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.3"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.4"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.5"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.6"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.7"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.8"
      },
      {
        "name": "CIS_Azure_1.3.0_5.2.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.9"
      },
      {
        "name": "CIS_Azure_1.3.0_5.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.3"
      },
      {
        "name": "CIS_Azure_1.3.0_6.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.1"
      },
      {
        "name": "CIS_Azure_1.3.0_6.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.2"
      },
      {
        "name": "CIS_Azure_1.3.0_6.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.3"
      },
      {
        "name": "CIS_Azure_1.3.0_6.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.4"
      },
      {
        "name": "CIS_Azure_1.3.0_6.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.5"
      },
      {
        "name": "CIS_Azure_1.3.0_6.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.6"
      },
      {
        "name": "CIS_Azure_1.3.0_7.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.1"
      },
      {
        "name": "CIS_Azure_1.3.0_7.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.2"
      },
      {
        "name": "CIS_Azure_1.3.0_7.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.3"
      },
      {
        "name": "CIS_Azure_1.3.0_7.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.4"
      },
      {
        "name": "CIS_Azure_1.3.0_7.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.5"
      },
      {
        "name": "CIS_Azure_1.3.0_7.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.6"
      },
      {
        "name": "CIS_Azure_1.3.0_7.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.7"
      },
      {
        "name": "CIS_Azure_1.3.0_8.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.1"
      },
      {
        "name": "CIS_Azure_1.3.0_8.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.2"
      },
      {
        "name": "CIS_Azure_1.3.0_8.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.3"
      },
      {
        "name": "CIS_Azure_1.3.0_8.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.4"
      },
      {
        "name": "CIS_Azure_1.3.0_8.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.5"
      },
      {
        "name": "CIS_Azure_1.3.0_9.1",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.1"
      },
      {
        "name": "CIS_Azure_1.3.0_9.2",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.2"
      },
      {
        "name": "CIS_Azure_1.3.0_9.3",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.3"
      },
      {
        "name": "CIS_Azure_1.3.0_9.4",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.4"
      },
      {
        "name": "CIS_Azure_1.3.0_9.5",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.5"
      },
      {
        "name": "CIS_Azure_1.3.0_9.6",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.6"
      },
      {
        "name": "CIS_Azure_1.3.0_9.7",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.7"
      },
      {
        "name": "CIS_Azure_1.3.0_9.8",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.8"
      },
      {
        "name": "CIS_Azure_1.3.0_9.9",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.9"
      },
      {
        "name": "CIS_Azure_1.3.0_9.10",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.10"
      },
      {
        "name": "CIS_Azure_1.3.0_9.11",
        "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.11"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/612b5213-9160-4969-8578-1518bd2a000c",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "612b5213-9160-4969-8578-1518bd2a000c"
}