AzPolicyInitiativesAdvertizer

Azure Policy Initiative

CIS Microsoft Azure Foundations Benchmark v1.3.0

Policy DisplayName

Policy Id

Category

Effect

State

[Preview]: Key Vault keys should have an expiration date

152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0

Key Vault

Default: Audit
Allowed: (Audit, Deny, Disabled)

Preview

[Preview]: Key Vault secrets should have an expiration date

98728c90-32c7-4049-8429-847dc0f4fe37

Key Vault

Default: Audit
Allowed: (Audit, Deny, Disabled)

Preview

[Preview]: Storage account public access should be disallowed

4fa4b6c0-31ca-4c0d-b10d-24b96f62a751

Storage

Default: audit
Allowed: (audit, deny, disabled)

Preview

An activity log alert should exist for specific Administrative operations

b954148f-4c11-4c38-8221-be76711e194a

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

An activity log alert should exist for specific Policy operations

c5447c04-a4d7-4ba8-a263-c9ee321a6858

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

An activity log alert should exist for specific Security operations

3b980d31-7904-4bb7-8575-5665739a8052

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

An Azure Active Directory administrator should be provisioned for SQL servers

1f314764-cb73-4fc9-b863-8eca98ac36e9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Audit VMs that do not use managed disks

06a78e20-9358-41c9-923c-fb736d382a4d

Compute

Fixed: audit

Auditing on SQL server should be enabled

a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Authentication should be enabled on your API app

c4ebc54a-46e1-481a-bee2-d4411e95d828

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Authentication should be enabled on your Function app

c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Authentication should be enabled on your web app

95bccee9-a7f8-4bec-9ee9-62c3473701fc

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Auto provisioning of the Log Analytics agent should be enabled on your subscription

475aae12-b88a-4572-8b36-9b712b2b3a17

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for App Service should be enabled

2913021d-f2fd-4f3d-b958-22354e2bdbcb

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for Azure SQL Database servers should be enabled

7fe3b40f-802b-4cdd-8bd4-fd799c948cc2

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for container registries should be enabled

c25d9a16-bc35-4e15-a7e5-9db606bf9ed4

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for Key Vault should be enabled

0e6763cc-5078-4e64-889d-ff4d9a839047

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for Kubernetes should be enabled

523b5cd1-3e23-492f-a539-13118b6d1e3a

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for servers should be enabled

4da35fc9-c9e7-4960-aec9-797fe7d9051d

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for SQL servers on machines should be enabled

6581d072-105e-4418-827f-bd446d56421b

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for SQL should be enabled for unprotected Azure SQL servers

abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for SQL should be enabled for unprotected SQL Managed Instances

abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure Defender for Storage should be enabled

308fbb08-4ab8-4e67-9b29-592e93fb94fa

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Connection throttling should be enabled for PostgreSQL database servers

5345bb39-67dc-4960-a1bf-427e16b9a0bd

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Custom subscription owner roles should not exist

10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9

General

Default: Audit
Allowed: (Audit, Disabled)

Diagnostic logs in App Services should be enabled

b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Disconnections should be logged for PostgreSQL database servers.

eb6f77b9-bd53-4e35-a23d-7f65d5f0e446

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Disk encryption should be applied on virtual machines

0961003e-5a0a-4549-abde-af6a37f2724d

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Email notification for high severity alerts should be enabled

6e2593d9-add6-4083-9c9b-4b7d2188c899

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Enforce SSL connection should be enabled for MySQL database servers

e802a67a-daf5-4436-9ea6-f6d821dd0c5d

SQL

Default: Audit
Allowed: (Audit, Disabled)

Enforce SSL connection should be enabled for PostgreSQL database servers

d158790f-bfb0-486c-8631-2dc6b4e8e6af

SQL

Default: Audit
Allowed: (Audit, Disabled)

Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'

0c192fe8-9cbb-4516-85b3-0ade8bd03886

App Service

Default: Audit
Allowed: (Audit, Disabled)

Ensure that 'HTTP Version' is the latest, if used to run the API app

991310cd-e9f3-47bc-b7b6-f57b557d07db

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'HTTP Version' is the latest, if used to run the Function app

e2c1c086-2d84-4019-bff3-c44ccd95113c

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'HTTP Version' is the latest, if used to run the Web app

8c122334-9d20-4eb8-89ea-ac9a705b74ae

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'Java version' is the latest, if used as a part of the API app

88999f4c-376a-45c8-bcb3-4058f713cf39

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'Java version' is the latest, if used as a part of the Function app

9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'Java version' is the latest, if used as a part of the Web app

496223c3-ad65-4ecd-878a-bae78737e9ed

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'PHP version' is the latest, if used as a part of the API app

1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'PHP version' is the latest, if used as a part of the WEB app

7261b898-8a84-4db8-9e04-18527132abb3

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'Python version' is the latest, if used as a part of the API app

74c3584d-afae-46f7-a20a-6f8adba71a16

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'Python version' is the latest, if used as a part of the Function app

7238174a-fd10-4ef0-817e-fc820a951d73

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure that 'Python version' is the latest, if used as a part of the Web app

7008174a-fd10-4ef0-817e-fc820a951d73

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'

5bb220d9-2698-4ee4-8404-b9c30c9df609

App Service

Default: Audit
Allowed: (Audit, Disabled)

External accounts with owner permissions should be removed from your subscription

f8456c1c-aa66-4dfb-861a-25d127b775c9

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

External accounts with read permissions should be removed from your subscription

5f76cf89-fbf2-47fd-a3f4-b891fa780b60

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

External accounts with write permissions should be removed from your subscription

5c607a2e-c700-4744-8254-d77e7c9eb5e4

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

FTPS only should be required in your API App

9a1b8c48-453a-4044-86c3-d8bfd823e4f5

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

FTPS only should be required in your Function App

399b2637-a50f-4f95-96f8-3a145476eb15

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

FTPS should be required in your Web App

4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Function apps should have 'Client Certificates (Incoming client certificates)' enabled

eaebaea7-8013-4ceb-9d14-7eb32271373c

App Service

Default: Audit
Allowed: (Audit, Disabled)

Key vaults should have purge protection enabled

0b60c0b2-2dc2-4e1c-b5c9-abbed971de53

Key Vault

Default: Audit
Allowed: (Audit, Deny, Disabled)

Latest TLS version should be used in your API App

8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Latest TLS version should be used in your Function App

f9d614c5-c173-4d56-95a7-b4437057d193

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Latest TLS version should be used in your Web App

f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Log checkpoints should be enabled for PostgreSQL database servers

eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Log connections should be enabled for PostgreSQL database servers

eb6f77b9-bd53-4e35-a23d-7f65d5f0e442

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Managed identity should be used in your API App

c4d441f8-f9d9-4a9e-9cef-e82117cb3eef

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Managed identity should be used in your Function App

0da106f2-4ca3-48e8-bc85-c638fe6aea8f

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Managed identity should be used in your Web App

2b9ad585-36bc-4615-b300-fd4435808332

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

MFA should be enabled accounts with write permissions on your subscription

9297c21d-2ed6-4474-b48f-163f75654ce3

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

MFA should be enabled on accounts with owner permissions on your subscription

aa633080-8b72-40c4-a2d7-d00c03e80bed

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

MFA should be enabled on accounts with read permissions on your subscription

e3576e28-8b17-4677-84c3-db2990658d64

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Monitor missing Endpoint Protection in Azure Security Center

af6cd1bd-1635-48cb-bde7-5b15693900b9

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Network Watcher should be enabled

b6e2945c-0b7b-40f5-9233-7a5323b5cdc6

Network

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Only approved VM extensions should be installed

c0e996f8-39cf-4af9-9f45-83fbde810432

Compute

Default: Audit
Allowed: (Audit, Deny, Disabled)

RDP access from the Internet should be blocked

e372f825-a257-4fb8-9175-797a8a8627d6

Network

Default: Audit
Allowed: (Audit, Disabled)

Resource logs in Azure Data Lake Store should be enabled

057ef27e-665e-4328-8ea3-04b3122bd9fb

Data Lake

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Azure Stream Analytics should be enabled

f9be5368-9bf5-4b84-9e0a-7850da98bb46

Stream Analytics

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Batch accounts should be enabled

428256e6-1fac-4f48-a757-df34c2b3336d

Batch

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Data Lake Analytics should be enabled

c95c74d9-38fe-4f0d-af86-0c7d626a315c

Data Lake

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Event Hub should be enabled

83a214f7-d01a-484b-91a9-ed54470c9a6a

Event Hub

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in IoT Hub should be enabled

383856f8-de7f-44a2-81fc-e5135b5c2aa4

Internet of Things

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Key Vault should be enabled

cf820ca0-f99e-4f3e-84fb-66e913812d21

Key Vault

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Logic Apps should be enabled

34f95f76-5386-4de7-b824-0d8478470c9d

Logic Apps

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Search services should be enabled

b4330a05-a843-4bc8-bf9a-cacce50c67f4

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Service Bus should be enabled

f8d36e2f-389b-4ee4-898d-21aeb69a0f45

Service Bus

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Resource logs in Virtual Machine Scale Sets should be enabled

7c1b1214-f927-48bf-8882-84f0af6588b1

Compute

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Role-Based Access Control (RBAC) should be used on Kubernetes Services

ac4a19c2-fa67-49b4-8ae5-0b2e78c49457

Security Center

Default: Audit
Allowed: (Audit, Disabled)

Secure transfer to storage accounts should be enabled

404c3081-a854-4457-ae30-26a93ef643f9

Storage

Default: Audit
Allowed: (Audit, Deny, Disabled)

SQL managed instances should use customer-managed keys to encrypt data at rest

048248b0-55cd-46da-b1ff-39efd52db260

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

SQL servers should use customer-managed keys to encrypt data at rest

0d134df8-db83-46fb-ad72-fe0c9428c8dd

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

SQL servers with auditing to storage account destination should be configured with 90 days retention or higher

89099bee-89e0-4b26-a5f4-165451757743

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

SSH access from the Internet should be blocked

2c89a2e5-7285-40fe-afe0-ae8654b92fab

Network

Default: Audit
Allowed: (Audit, Disabled)

Storage account containing the container with activity logs must be encrypted with BYOK

fbb99e8e-e444-4da0-9ff1-75c92f5a85b2

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Storage accounts should allow access from trusted Microsoft services

c9d007d0-c057-4772-b18c-01e546713bcd

Storage

Default: Audit
Allowed: (Audit, Deny, Disabled)

Storage accounts should restrict network access

34c877ad-507e-4c82-993e-3452a6e0ad3c

Storage

Default: Audit
Allowed: (Audit, Deny, Disabled)

Storage accounts should restrict network access using virtual network rules

2a1a9cdf-e04d-429a-8416-3bfb72a1b26f

Storage

Default: Audit
Allowed: (Audit, Deny, Disabled)

Storage accounts should use customer-managed key for encryption

6fac406b-40ca-413b-bf8e-0bf964659c25

Storage

Default: Audit
Allowed: (Audit, Disabled)

Subscriptions should have a contact email address for security issues

4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

System updates should be installed on your machines

86b3d65f-7626-441e-b690-81a8b71cff60

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Transparent Data Encryption on SQL databases should be enabled

17k78e20-9358-41c9-923c-fb736d382a12

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Unattached disks should be encrypted

2c89a2e5-7285-40fe-afe0-ae8654b92fb2

Compute

Default: Audit
Allowed: (Audit, Disabled)

Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports

057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerability assessment should be enabled on SQL Managed Instance

1b7aa243-30e4-4c9e-bca8-d0d3022b634a

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerability assessment should be enabled on your SQL servers

ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Web Application should only be accessible over HTTPS

a4af4a39-4135-47fb-b175-47fbdf85311d

App Service

Default: Audit
Allowed: (Audit, Disabled)

{ "properties": { "displayName": "CIS Microsoft Azure Foundations Benchmark v1.3.0", "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative.", "metadata": { "version": "1.1.1", "category": "Regulatory Compliance" }, "parameters": { "effect-aa633080-8b72-40c4-a2d7-d00c03e80bed": { "type": "String", "metadata": { "displayName": "Effect for policy: MFA should be enabled on accounts with owner permissions on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-9297c21d-2ed6-4474-b48f-163f75654ce3": { "type": "String", "metadata": { "displayName": "Effect for policy: MFA should be enabled accounts with write permissions on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e3576e28-8b17-4677-84c3-db2990658d64": { "type": "String", "metadata": { "displayName": "Effect for policy: MFA should be enabled on accounts with read permissions on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60": { "type": "String", "metadata": { "displayName": "Effect for policy: External accounts with read permissions should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4": { "type": "String", "metadata": { "displayName": "Effect for policy: External accounts with write permissions should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f8456c1c-aa66-4dfb-861a-25d127b775c9": { "type": "String", "metadata": { "displayName": "Effect for policy: External accounts with owner permissions should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9": { "type": "String", "metadata": { "displayName": "Effect for policy: Custom subscription owner roles should not exist", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for servers should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for App Service should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for Azure SQL Database servers should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-6581d072-105e-4418-827f-bd446d56421b": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for SQL servers on machines should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for Storage should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-523b5cd1-3e23-492f-a539-13118b6d1e3a": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for Kubernetes should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for container registries should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-0e6763cc-5078-4e64-889d-ff4d9a839047": { "type": "String", "metadata": { "displayName": "Effect for policy: Azure Defender for Key Vault should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-475aae12-b88a-4572-8b36-9b712b2b3a17": { "type": "String", "metadata": { "displayName": "Effect for policy: Auto provisioning of the Log Analytics agent should be enabled on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": { "type": "String", "metadata": { "displayName": "Effect for policy: Subscriptions should have a contact email address for security issues", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": { "type": "String", "metadata": { "displayName": "Effect for policy: Email notification for high severity alerts should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-404c3081-a854-4457-ae30-26a93ef643f9": { "type": "String", "metadata": { "displayName": "Effect for policy: Secure transfer to storage accounts should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": { "type": "String", "metadata": { "displayName": "Effect for policy: Storage account public access should be disallowed", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "audit", "deny", "disabled" ], "defaultValue": "audit" }, "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": { "type": "String", "metadata": { "displayName": "Effect for policy: Storage accounts should restrict network access", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f": { "type": "String", "metadata": { "displayName": "Effect for policy: Storage accounts should restrict network access using virtual network rules", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-c9d007d0-c057-4772-b18c-01e546713bcd": { "type": "String", "metadata": { "displayName": "Effect for policy: Storage accounts should allow access from trusted Microsoft services", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-6fac406b-40ca-413b-bf8e-0bf964659c25": { "type": "String", "metadata": { "displayName": "Effect for policy: Storage account should use customer-managed key for encryption", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": { "type": "String", "metadata": { "displayName": "Effect for policy: Auditing on SQL server should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": { "type": "String", "metadata": { "displayName": "Required auditing setting for SQL servers" }, "allowedValues": [ "enabled", "disabled" ], "defaultValue": "enabled" }, "effect-17k78e20-9358-41c9-923c-fb736d382a12": { "type": "String", "metadata": { "displayName": "Effect for policy: Transparent Data Encryption on SQL databases should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-89099bee-89e0-4b26-a5f4-165451757743": { "type": "String", "metadata": { "displayName": "Effect for policy: SQL servers should be configured with 90 days auditing retention or higher.", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": { "type": "String", "metadata": { "displayName": "Effect for policy: Advanced data security should be enabled on your SQL servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": { "type": "String", "metadata": { "displayName": "Effect for policy: Advanced data security should be enabled on SQL Managed Instance", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": { "type": "String", "metadata": { "displayName": "Effect for policy: Vulnerability assessment should be enabled on your SQL servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": { "type": "String", "metadata": { "displayName": "Effect for policy: Vulnerability assessment should be enabled on SQL Managed Instance", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9": { "type": "String", "metadata": { "displayName": "Effect for policy: Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": { "type": "String", "metadata": { "displayName": "Effect for policy: Enforce SSL connection should be enabled for MySQL database servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": { "type": "String", "metadata": { "displayName": "Effect for policy: Enforce SSL connection should be enabled for PostgreSQL database servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d": { "type": "String", "metadata": { "displayName": "Effect for policy: Log checkpoints should be enabled for PostgreSQL database servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442": { "type": "String", "metadata": { "displayName": "Effect for policy: Log connections should be enabled for PostgreSQL database servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446": { "type": "String", "metadata": { "displayName": "Effect for policy: Disconnections should be logged for PostgreSQL database servers.", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd": { "type": "String", "metadata": { "displayName": "Effect for policy: Connection throttling should be enabled for PostgreSQL database servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": { "type": "String", "metadata": { "displayName": "Effect for policy: An Azure Active Directory administrator should be provisioned for SQL servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd": { "type": "String", "metadata": { "displayName": "Effect for policy: SQL servers should use customer-managed keys to encrypt data at rest", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-048248b0-55cd-46da-b1ff-39efd52db260": { "type": "String", "metadata": { "displayName": "Effect for policy: SQL managed instances should use customer-managed keys to encrypt data at rest", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2": { "type": "String", "metadata": { "displayName": "Effect for policy: Storage account containing the container with activity logs must be encrypted with BYOK", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Policy operations (Microsoft.Authorization/policyAssignments/write)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Policy operations (Microsoft.Authorization/policyAssignments/delete)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/write)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/delete)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/securityRules/write)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Security operations (Microsoft.Security/securitySolutions/write)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Security operations (Microsoft.Security/securitySolutions/delete)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Sql/servers/firewallRules/write)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete": { "type": "String", "metadata": { "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Sql/servers/firewallRules/delete)", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Key Vault should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "requiredRetentionDays": { "type": "String", "metadata": { "displayName": "Required retention period (days) for resource logs", "description": "For more information about resource logs, visit https://aka.ms/resourcelogs" }, "defaultValue": "365" }, "effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in App Services should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-428256e6-1fac-4f48-a757-df34c2b3336d": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Batch accounts should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-7c1b1214-f927-48bf-8882-84f0af6588b1": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Virtual Machine Scale Sets should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1": { "type": "Boolean", "metadata": { "displayName": "Include AKS clusters when auditing if virtual machine scale set resource logs are enabled" }, "defaultValue": false }, "effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Azure Data Lake Store should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Data Lake Analytics should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Event Hub should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in IoT Hub should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-34f95f76-5386-4de7-b824-0d8478470c9d": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Logic Apps should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Search services should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Service Bus should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": { "type": "String", "metadata": { "displayName": "Effect for policy: Resource logs in Azure Stream Analytics should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e372f825-a257-4fb8-9175-797a8a8627d6": { "type": "String", "metadata": { "displayName": "Effect for policy: RDP access from the Internet should be blocked", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab": { "type": "String", "metadata": { "displayName": "Effect for policy: SSH access from the Internet should be blocked", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": { "type": "Array", "metadata": { "displayName": "[Deprecated]: List of regions where Network Watcher should be enabled", "description": "To see a complete list of regions, run the PowerShell command Get-AzLocation", "strongType": "location", "deprecated": true }, "defaultValue": [ ] }, "resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": { "type": "String", "metadata": { "displayName": "Name of the resource group for Network Watcher", "description": "Name of the resource group where Network Watchers are located" }, "defaultValue": "NetworkWatcherRG" }, "effect-0961003e-5a0a-4549-abde-af6a37f2724d": { "type": "String", "metadata": { "displayName": "Effect for policy: Disk encryption should be applied on virtual machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2": { "type": "String", "metadata": { "displayName": "Effect for policy: Unattached disks should be encrypted", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-c0e996f8-39cf-4af9-9f45-83fbde810432": { "type": "String", "metadata": { "displayName": "Effect for policy: Only approved VM extensions should be installed", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432": { "type": "Array", "metadata": { "displayName": "List of virtual machine extensions that are approved for use", "description": "A semicolon-separated list of virtual machine extensions; to see a complete list of extensions, use the Azure PowerShell command Get-AzVMExtensionImage" }, "defaultValue": [ "AzureDiskEncryption", "AzureDiskEncryptionForLinux", "DependencyAgentWindows", "DependencyAgentLinux", "IaaSAntimalware", "IaaSDiagnostics", "LinuxDiagnostic", "MicrosoftMonitoringAgent", "NetworkWatcherAgentLinux", "NetworkWatcherAgentWindows", "OmsAgentForLinux", "VMSnapshot", "VMSnapshotLinux" ] }, "effect-86b3d65f-7626-441e-b690-81a8b71cff60": { "type": "String", "metadata": { "displayName": "Effect for policy: System updates should be installed on your machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": { "type": "String", "metadata": { "displayName": "Effect for policy: Keys should have expiration dates set", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-98728c90-32c7-4049-8429-847dc0f4fe37": { "type": "String", "metadata": { "displayName": "Effect for policy: Secrets should have expiration dates set", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": { "type": "String", "metadata": { "displayName": "Effect for policy: Key vault should have purge protection enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": { "type": "String", "metadata": { "displayName": "Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes Services", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-c4ebc54a-46e1-481a-bee2-d4411e95d828": { "type": "String", "metadata": { "displayName": "Effect for policy: Authentication should be enabled on your API app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": { "type": "String", "metadata": { "displayName": "Effect for policy: Authentication should be enabled on your Function app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": { "type": "String", "metadata": { "displayName": "Effect for policy: Authentication should be enabled on your web app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-a4af4a39-4135-47fb-b175-47fbdf85311d": { "type": "String", "metadata": { "displayName": "Effect for policy: Web Application should only be accessible over HTTPS", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e": { "type": "String", "metadata": { "displayName": "Effect for policy: Latest TLS version should be used in your API App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f9d614c5-c173-4d56-95a7-b4437057d193": { "type": "String", "metadata": { "displayName": "Effect for policy: Latest TLS version should be used in your Function App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": { "type": "String", "metadata": { "displayName": "Effect for policy: Latest TLS version should be used in your Web App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-eaebaea7-8013-4ceb-9d14-7eb32271373c": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure Function app has 'Client Certificates (Incoming client certificates)' set to 'On'", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-5bb220d9-2698-4ee4-8404-b9c30c9df609": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef": { "type": "String", "metadata": { "displayName": "Effect for policy: Managed identity should be used in your API App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": { "type": "String", "metadata": { "displayName": "Effect for policy: Managed identity should be used in your Function App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-2b9ad585-36bc-4615-b300-fd4435808332": { "type": "String", "metadata": { "displayName": "Effect for policy: Managed identity should be used in your Web App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'PHP version' is the latest, if used as a part of the API app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "PHPLatestVersion": { "type": "String", "metadata": { "displayName": "Latest PHP version for App Services", "description": "Latest supported PHP version for App Services" }, "defaultValue": "7.3" }, "effect-7261b898-8a84-4db8-9e04-18527132abb3": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'PHP version' is the latest, if used as a part of the WEB app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-74c3584d-afae-46f7-a20a-6f8adba71a16": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the API app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "LinuxPythonLatestVersion": { "type": "String", "metadata": { "displayName": "Latest Python version for Linux for App Services", "description": "Latest supported Python version for App Services" }, "defaultValue": "3.8" }, "effect-7238174a-fd10-4ef0-817e-fc820a951d73": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the Function app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-7008174a-fd10-4ef0-817e-fc820a951d73": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the Web app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-88999f4c-376a-45c8-bcb3-4058f713cf39": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the API app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "JavaLatestVersion": { "type": "String", "metadata": { "displayName": "Latest Java version for App Services", "description": "Latest supported Java version for App Services" }, "defaultValue": "11" }, "effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the Function app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-496223c3-ad65-4ecd-878a-bae78737e9ed": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the Web app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-991310cd-e9f3-47bc-b7b6-f57b557d07db": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the API app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the Function app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": { "type": "String", "metadata": { "displayName": "Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the Web app", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5": { "type": "String", "metadata": { "displayName": "Effect for policy: FTPS only should be required in your API App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-399b2637-a50f-4f95-96f8-3a145476eb15": { "type": "String", "metadata": { "displayName": "Effect for policy: FTPS only should be required in your Function App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b": { "type": "String", "metadata": { "displayName": "Effect for policy: FTPS should be required in your Web App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" } }, "policyDefinitions": [ { "policyDefinitionReferenceId": "aa633080-8b72-40c4-a2d7-d00c03e80bed", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed", "parameters": { "effect": { "value": "[parameters('effect-aa633080-8b72-40c4-a2d7-d00c03e80bed')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.1" ] }, { "policyDefinitionReferenceId": "9297c21d-2ed6-4474-b48f-163f75654ce3", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3", "parameters": { "effect": { "value": "[parameters('effect-9297c21d-2ed6-4474-b48f-163f75654ce3')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.1" ] }, { "policyDefinitionReferenceId": "e3576e28-8b17-4677-84c3-db2990658d64", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64", "parameters": { "effect": { "value": "[parameters('effect-e3576e28-8b17-4677-84c3-db2990658d64')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.2" ] }, { "policyDefinitionReferenceId": "5f76cf89-fbf2-47fd-a3f4-b891fa780b60", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60", "parameters": { "effect": { "value": "[parameters('effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.3" ] }, { "policyDefinitionReferenceId": "5c607a2e-c700-4744-8254-d77e7c9eb5e4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4", "parameters": { "effect": { "value": "[parameters('effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.3" ] }, { "policyDefinitionReferenceId": "f8456c1c-aa66-4dfb-861a-25d127b775c9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9", "parameters": { "effect": { "value": "[parameters('effect-f8456c1c-aa66-4dfb-861a-25d127b775c9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.3" ] }, { "policyDefinitionReferenceId": "10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9", "parameters": { "effect": { "value": "[parameters('effect-10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_1.21" ] }, { "policyDefinitionReferenceId": "4da35fc9-c9e7-4960-aec9-797fe7d9051d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d", "parameters": { "effect": { "value": "[parameters('effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.1" ] }, { "policyDefinitionReferenceId": "2913021d-f2fd-4f3d-b958-22354e2bdbcb", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb", "parameters": { "effect": { "value": "[parameters('effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.2" ] }, { "policyDefinitionReferenceId": "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2", "parameters": { "effect": { "value": "[parameters('effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.3" ] }, { "policyDefinitionReferenceId": "6581d072-105e-4418-827f-bd446d56421b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b", "parameters": { "effect": { "value": "[parameters('effect-6581d072-105e-4418-827f-bd446d56421b')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.4" ] }, { "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa", "parameters": { "effect": { "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.5" ] }, { "policyDefinitionReferenceId": "523b5cd1-3e23-492f-a539-13118b6d1e3a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a", "parameters": { "effect": { "value": "[parameters('effect-523b5cd1-3e23-492f-a539-13118b6d1e3a')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.6" ] }, { "policyDefinitionReferenceId": "c25d9a16-bc35-4e15-a7e5-9db606bf9ed4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4", "parameters": { "effect": { "value": "[parameters('effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.7" ] }, { "policyDefinitionReferenceId": "0e6763cc-5078-4e64-889d-ff4d9a839047", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047", "parameters": { "effect": { "value": "[parameters('effect-0e6763cc-5078-4e64-889d-ff4d9a839047')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.8" ] }, { "policyDefinitionReferenceId": "475aae12-b88a-4572-8b36-9b712b2b3a17", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/475aae12-b88a-4572-8b36-9b712b2b3a17", "parameters": { "effect": { "value": "[parameters('effect-475aae12-b88a-4572-8b36-9b712b2b3a17')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.11" ] }, { "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "parameters": { "effect": { "value": "[parameters('effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.13" ] }, { "policyDefinitionReferenceId": "6e2593d9-add6-4083-9c9b-4b7d2188c899", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899", "parameters": { "effect": { "value": "[parameters('effect-6e2593d9-add6-4083-9c9b-4b7d2188c899')]" } }, "groupNames": [ "CIS_Azure_1.3.0_2.14" ] }, { "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", "parameters": { "effect": { "value": "[parameters('effect-404c3081-a854-4457-ae30-26a93ef643f9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_3.1" ] }, { "policyDefinitionReferenceId": "4fa4b6c0-31ca-4c0d-b10d-24b96f62a751", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751", "parameters": { "effect": { "value": "[parameters('effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751')]" } }, "groupNames": [ "CIS_Azure_1.3.0_3.5", "CIS_Azure_1.3.0_5.1.3" ] }, { "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c", "parameters": { "effect": { "value": "[parameters('effect-34c877ad-507e-4c82-993e-3452a6e0ad3c')]" } }, "groupNames": [ "CIS_Azure_1.3.0_3.6" ] }, { "policyDefinitionReferenceId": "2a1a9cdf-e04d-429a-8416-3bfb72a1b26f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f", "parameters": { "effect": { "value": "[parameters('effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f')]" } }, "groupNames": [ "CIS_Azure_1.3.0_3.6" ] }, { "policyDefinitionReferenceId": "c9d007d0-c057-4772-b18c-01e546713bcd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd", "parameters": { "effect": { "value": "[parameters('effect-c9d007d0-c057-4772-b18c-01e546713bcd')]" } }, "groupNames": [ "CIS_Azure_1.3.0_3.7" ] }, { "policyDefinitionReferenceId": "6fac406b-40ca-413b-bf8e-0bf964659c25", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25", "parameters": { "effect": { "value": "[parameters('effect-6fac406b-40ca-413b-bf8e-0bf964659c25')]" } }, "groupNames": [ "CIS_Azure_1.3.0_3.9" ] }, { "policyDefinitionReferenceId": "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9", "parameters": { "effect": { "value": "[parameters('effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]" }, "setting": { "value": "[parameters('setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.1.1" ] }, { "policyDefinitionReferenceId": "17k78e20-9358-41c9-923c-fb736d382a12", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12", "parameters": { "effect": { "value": "[parameters('effect-17k78e20-9358-41c9-923c-fb736d382a12')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.1.2" ] }, { "policyDefinitionReferenceId": "89099bee-89e0-4b26-a5f4-165451757743", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743", "parameters": { "effect": { "value": "[parameters('effect-89099bee-89e0-4b26-a5f4-165451757743')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.1.3" ] }, { "policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9", "parameters": { "effect": { "value": "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.2.1" ] }, { "policyDefinitionReferenceId": "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", "parameters": { "effect": { "value": "[parameters('effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.2.1" ] }, { "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", "parameters": { "effect": { "value": "[parameters('effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.2.2" ] }, { "policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "parameters": { "effect": { "value": "[parameters('effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.2.2" ] }, { "policyDefinitionReferenceId": "057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9", "parameters": { "effect": { "value": "[parameters('effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.2.4" ] }, { "policyDefinitionReferenceId": "e802a67a-daf5-4436-9ea6-f6d821dd0c5d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d", "parameters": { "effect": { "value": "[parameters('effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.3.1" ] }, { "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af", "parameters": { "effect": { "value": "[parameters('effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.3.2" ] }, { "policyDefinitionReferenceId": "eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d", "parameters": { "effect": { "value": "[parameters('effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.3.3" ] }, { "policyDefinitionReferenceId": "eb6f77b9-bd53-4e35-a23d-7f65d5f0e442", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e442", "parameters": { "effect": { "value": "[parameters('effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e442')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.3.4" ] }, { "policyDefinitionReferenceId": "eb6f77b9-bd53-4e35-a23d-7f65d5f0e446", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e446", "parameters": { "effect": { "value": "[parameters('effect-eb6f77b9-bd53-4e35-a23d-7f65d5f0e446')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.3.5" ] }, { "policyDefinitionReferenceId": "5345bb39-67dc-4960-a1bf-427e16b9a0bd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5345bb39-67dc-4960-a1bf-427e16b9a0bd", "parameters": { "effect": { "value": "[parameters('effect-5345bb39-67dc-4960-a1bf-427e16b9a0bd')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.3.6" ] }, { "policyDefinitionReferenceId": "1f314764-cb73-4fc9-b863-8eca98ac36e9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9", "parameters": { "effect": { "value": "[parameters('effect-1f314764-cb73-4fc9-b863-8eca98ac36e9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.4" ] }, { "policyDefinitionReferenceId": "0d134df8-db83-46fb-ad72-fe0c9428c8dd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd", "parameters": { "effect": { "value": "[parameters('effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.5" ] }, { "policyDefinitionReferenceId": "048248b0-55cd-46da-b1ff-39efd52db260", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260", "parameters": { "effect": { "value": "[parameters('effect-048248b0-55cd-46da-b1ff-39efd52db260')]" } }, "groupNames": [ "CIS_Azure_1.3.0_4.5" ] }, { "policyDefinitionReferenceId": "fbb99e8e-e444-4da0-9ff1-75c92f5a85b2", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fbb99e8e-e444-4da0-9ff1-75c92f5a85b2", "parameters": { "effect": { "value": "[parameters('effect-fbb99e8e-e444-4da0-9ff1-75c92f5a85b2')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.1.4" ] }, { "policyDefinitionReferenceId": "c5447c04-a4d7-4ba8-a263-c9ee321a6858-0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858", "parameters": { "effect": { "value": "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-write')]" }, "operationName": { "value": "Microsoft.Authorization/policyAssignments/write" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.1" ] }, { "policyDefinitionReferenceId": "c5447c04-a4d7-4ba8-a263-c9ee321a6858-1", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858", "parameters": { "effect": { "value": "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858-MicrosoftAuthorization-policyAssignments-delete')]" }, "operationName": { "value": "Microsoft.Authorization/policyAssignments/delete" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.2" ] }, { "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a", "parameters": { "effect": { "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-write')]" }, "operationName": { "value": "Microsoft.Network/networkSecurityGroups/write" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.3" ] }, { "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-1", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a", "parameters": { "effect": { "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete')]" }, "operationName": { "value": "Microsoft.Network/networkSecurityGroups/delete" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.4" ] }, { "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-2", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a", "parameters": { "effect": { "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-write')]" }, "operationName": { "value": "Microsoft.Network/networkSecurityGroups/securityRules/write" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.5" ] }, { "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-3", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a", "parameters": { "effect": { "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete')]" }, "operationName": { "value": "Microsoft.Network/networkSecurityGroups/securityRules/delete" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.6" ] }, { "policyDefinitionReferenceId": "3b980d31-7904-4bb7-8575-5665739a8052-0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052", "parameters": { "effect": { "value": "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-write')]" }, "operationName": { "value": "Microsoft.Security/securitySolutions/write" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.7" ] }, { "policyDefinitionReferenceId": "3b980d31-7904-4bb7-8575-5665739a8052-1", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052", "parameters": { "effect": { "value": "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052-MicrosoftSecurity-securitySolutions-delete')]" }, "operationName": { "value": "Microsoft.Security/securitySolutions/delete" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.8" ] }, { "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a", "parameters": { "effect": { "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-write')]" }, "operationName": { "value": "Microsoft.Sql/servers/firewallRules/write" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.9" ] }, { "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a", "parameters": { "effect": { "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete')]" }, "operationName": { "value": "Microsoft.Sql/servers/firewallRules/delete" } }, "groupNames": [ "CIS_Azure_1.3.0_5.2.9" ] }, { "policyDefinitionReferenceId": "cf820ca0-f99e-4f3e-84fb-66e913812d21", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21", "parameters": { "effect": { "value": "[parameters('effect-cf820ca0-f99e-4f3e-84fb-66e913812d21')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.1.5", "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0", "parameters": { "effect": { "value": "[parameters('effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "428256e6-1fac-4f48-a757-df34c2b3336d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d", "parameters": { "effect": { "value": "[parameters('effect-428256e6-1fac-4f48-a757-df34c2b3336d')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "7c1b1214-f927-48bf-8882-84f0af6588b1", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1", "parameters": { "effect": { "value": "[parameters('effect-7c1b1214-f927-48bf-8882-84f0af6588b1')]" }, "includeAKSClusters": { "value": "[parameters('includeAKSClusters-7c1b1214-f927-48bf-8882-84f0af6588b1')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "057ef27e-665e-4328-8ea3-04b3122bd9fb", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb", "parameters": { "effect": { "value": "[parameters('effect-057ef27e-665e-4328-8ea3-04b3122bd9fb')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "c95c74d9-38fe-4f0d-af86-0c7d626a315c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c", "parameters": { "effect": { "value": "[parameters('effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "83a214f7-d01a-484b-91a9-ed54470c9a6a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a", "parameters": { "effect": { "value": "[parameters('effect-83a214f7-d01a-484b-91a9-ed54470c9a6a')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "383856f8-de7f-44a2-81fc-e5135b5c2aa4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4", "parameters": { "effect": { "value": "[parameters('effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "34f95f76-5386-4de7-b824-0d8478470c9d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d", "parameters": { "effect": { "value": "[parameters('effect-34f95f76-5386-4de7-b824-0d8478470c9d')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "b4330a05-a843-4bc8-bf9a-cacce50c67f4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4", "parameters": { "effect": { "value": "[parameters('effect-b4330a05-a843-4bc8-bf9a-cacce50c67f4')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "f8d36e2f-389b-4ee4-898d-21aeb69a0f45", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45", "parameters": { "effect": { "value": "[parameters('effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "f9be5368-9bf5-4b84-9e0a-7850da98bb46", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46", "parameters": { "effect": { "value": "[parameters('effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]" }, "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays')]" } }, "groupNames": [ "CIS_Azure_1.3.0_5.3" ] }, { "policyDefinitionReferenceId": "e372f825-a257-4fb8-9175-797a8a8627d6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e372f825-a257-4fb8-9175-797a8a8627d6", "parameters": { "effect": { "value": "[parameters('effect-e372f825-a257-4fb8-9175-797a8a8627d6')]" } }, "groupNames": [ "CIS_Azure_1.3.0_6.1" ] }, { "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fab", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fab", "parameters": { "effect": { "value": "[parameters('effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab')]" } }, "groupNames": [ "CIS_Azure_1.3.0_6.2" ] }, { "policyDefinitionReferenceId": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6", "parameters": { "resourceGroupName": { "value": "[parameters('resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6')]" } }, "groupNames": [ "CIS_Azure_1.3.0_6.5" ] }, { "policyDefinitionReferenceId": "06a78e20-9358-41c9-923c-fb736d382a4d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d", "parameters": { }, "groupNames": [ "CIS_Azure_1.3.0_7.1" ] }, { "policyDefinitionReferenceId": "0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "parameters": { "effect": { "value": "[parameters('effect-0961003e-5a0a-4549-abde-af6a37f2724d')]" } }, "groupNames": [ "CIS_Azure_1.3.0_7.2" ] }, { "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fb2", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2", "parameters": { "effect": { "value": "[parameters('effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2')]" } }, "groupNames": [ "CIS_Azure_1.3.0_7.3" ] }, { "policyDefinitionReferenceId": "c0e996f8-39cf-4af9-9f45-83fbde810432", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432", "parameters": { "effect": { "value": "[parameters('effect-c0e996f8-39cf-4af9-9f45-83fbde810432')]" }, "approvedExtensions": { "value": "[parameters('approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432')]" } }, "groupNames": [ "CIS_Azure_1.3.0_7.4" ] }, { "policyDefinitionReferenceId": "86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "parameters": { "effect": { "value": "[parameters('effect-86b3d65f-7626-441e-b690-81a8b71cff60')]" } }, "groupNames": [ "CIS_Azure_1.3.0_7.5" ] }, { "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "parameters": { "effect": { "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" } }, "groupNames": [ "CIS_Azure_1.3.0_7.6" ] }, { "policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", "parameters": { "effect": { "value": "[parameters('effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0')]" } }, "groupNames": [ "CIS_Azure_1.3.0_8.1" ] }, { "policyDefinitionReferenceId": "98728c90-32c7-4049-8429-847dc0f4fe37", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37", "parameters": { "effect": { "value": "[parameters('effect-98728c90-32c7-4049-8429-847dc0f4fe37')]" } }, "groupNames": [ "CIS_Azure_1.3.0_8.2" ] }, { "policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53", "parameters": { "effect": { "value": "[parameters('effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53')]" } }, "groupNames": [ "CIS_Azure_1.3.0_8.4" ] }, { "policyDefinitionReferenceId": "ac4a19c2-fa67-49b4-8ae5-0b2e78c49457", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457", "parameters": { "effect": { "value": "[parameters('effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457')]" } }, "groupNames": [ "CIS_Azure_1.3.0_8.5" ] }, { "policyDefinitionReferenceId": "c4ebc54a-46e1-481a-bee2-d4411e95d828", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4ebc54a-46e1-481a-bee2-d4411e95d828", "parameters": { "effect": { "value": "[parameters('effect-c4ebc54a-46e1-481a-bee2-d4411e95d828')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.1" ] }, { "policyDefinitionReferenceId": "c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8", "parameters": { "effect": { "value": "[parameters('effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.1" ] }, { "policyDefinitionReferenceId": "95bccee9-a7f8-4bec-9ee9-62c3473701fc", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc", "parameters": { "effect": { "value": "[parameters('effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.1" ] }, { "policyDefinitionReferenceId": "a4af4a39-4135-47fb-b175-47fbdf85311d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d", "parameters": { "effect": { "value": "[parameters('effect-a4af4a39-4135-47fb-b175-47fbdf85311d')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.2" ] }, { "policyDefinitionReferenceId": "8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e", "parameters": { "effect": { "value": "[parameters('effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.3" ] }, { "policyDefinitionReferenceId": "f9d614c5-c173-4d56-95a7-b4437057d193", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193", "parameters": { "effect": { "value": "[parameters('effect-f9d614c5-c173-4d56-95a7-b4437057d193')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.3" ] }, { "policyDefinitionReferenceId": "f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b", "parameters": { "effect": { "value": "[parameters('effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.3" ] }, { "policyDefinitionReferenceId": "0c192fe8-9cbb-4516-85b3-0ade8bd03886", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0c192fe8-9cbb-4516-85b3-0ade8bd03886", "parameters": { "effect": { "value": "[parameters('effect-0c192fe8-9cbb-4516-85b3-0ade8bd03886')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.4" ] }, { "policyDefinitionReferenceId": "eaebaea7-8013-4ceb-9d14-7eb32271373c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eaebaea7-8013-4ceb-9d14-7eb32271373c", "parameters": { "effect": { "value": "[parameters('effect-eaebaea7-8013-4ceb-9d14-7eb32271373c')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.4" ] }, { "policyDefinitionReferenceId": "5bb220d9-2698-4ee4-8404-b9c30c9df609", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bb220d9-2698-4ee4-8404-b9c30c9df609", "parameters": { "effect": { "value": "[parameters('effect-5bb220d9-2698-4ee4-8404-b9c30c9df609')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.4" ] }, { "policyDefinitionReferenceId": "c4d441f8-f9d9-4a9e-9cef-e82117cb3eef", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4d441f8-f9d9-4a9e-9cef-e82117cb3eef", "parameters": { "effect": { "value": "[parameters('effect-c4d441f8-f9d9-4a9e-9cef-e82117cb3eef')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.5" ] }, { "policyDefinitionReferenceId": "0da106f2-4ca3-48e8-bc85-c638fe6aea8f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f", "parameters": { "effect": { "value": "[parameters('effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.5" ] }, { "policyDefinitionReferenceId": "2b9ad585-36bc-4615-b300-fd4435808332", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332", "parameters": { "effect": { "value": "[parameters('effect-2b9ad585-36bc-4615-b300-fd4435808332')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.5" ] }, { "policyDefinitionReferenceId": "1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba", "parameters": { "effect": { "value": "[parameters('effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba')]" }, "PHPLatestVersion": { "value": "[parameters('PHPLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.6" ] }, { "policyDefinitionReferenceId": "7261b898-8a84-4db8-9e04-18527132abb3", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3", "parameters": { "effect": { "value": "[parameters('effect-7261b898-8a84-4db8-9e04-18527132abb3')]" }, "PHPLatestVersion": { "value": "[parameters('PHPLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.6" ] }, { "policyDefinitionReferenceId": "74c3584d-afae-46f7-a20a-6f8adba71a16", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16", "parameters": { "effect": { "value": "[parameters('effect-74c3584d-afae-46f7-a20a-6f8adba71a16')]" }, "LinuxPythonLatestVersion": { "value": "[parameters('LinuxPythonLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.7" ] }, { "policyDefinitionReferenceId": "7238174a-fd10-4ef0-817e-fc820a951d73", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73", "parameters": { "effect": { "value": "[parameters('effect-7238174a-fd10-4ef0-817e-fc820a951d73')]" }, "LinuxPythonLatestVersion": { "value": "[parameters('LinuxPythonLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.7" ] }, { "policyDefinitionReferenceId": "7008174a-fd10-4ef0-817e-fc820a951d73", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73", "parameters": { "effect": { "value": "[parameters('effect-7008174a-fd10-4ef0-817e-fc820a951d73')]" }, "LinuxPythonLatestVersion": { "value": "[parameters('LinuxPythonLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.7" ] }, { "policyDefinitionReferenceId": "88999f4c-376a-45c8-bcb3-4058f713cf39", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39", "parameters": { "effect": { "value": "[parameters('effect-88999f4c-376a-45c8-bcb3-4058f713cf39')]" }, "JavaLatestVersion": { "value": "[parameters('JavaLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.8" ] }, { "policyDefinitionReferenceId": "9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc", "parameters": { "effect": { "value": "[parameters('effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc')]" }, "JavaLatestVersion": { "value": "[parameters('JavaLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.8" ] }, { "policyDefinitionReferenceId": "496223c3-ad65-4ecd-878a-bae78737e9ed", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed", "parameters": { "effect": { "value": "[parameters('effect-496223c3-ad65-4ecd-878a-bae78737e9ed')]" }, "JavaLatestVersion": { "value": "[parameters('JavaLatestVersion')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.8" ] }, { "policyDefinitionReferenceId": "991310cd-e9f3-47bc-b7b6-f57b557d07db", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db", "parameters": { "effect": { "value": "[parameters('effect-991310cd-e9f3-47bc-b7b6-f57b557d07db')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.9" ] }, { "policyDefinitionReferenceId": "e2c1c086-2d84-4019-bff3-c44ccd95113c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c", "parameters": { "effect": { "value": "[parameters('effect-e2c1c086-2d84-4019-bff3-c44ccd95113c')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.9" ] }, { "policyDefinitionReferenceId": "8c122334-9d20-4eb8-89ea-ac9a705b74ae", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae", "parameters": { "effect": { "value": "[parameters('effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.9" ] }, { "policyDefinitionReferenceId": "9a1b8c48-453a-4044-86c3-d8bfd823e4f5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9a1b8c48-453a-4044-86c3-d8bfd823e4f5", "parameters": { "effect": { "value": "[parameters('effect-9a1b8c48-453a-4044-86c3-d8bfd823e4f5')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.10" ] }, { "policyDefinitionReferenceId": "399b2637-a50f-4f95-96f8-3a145476eb15", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/399b2637-a50f-4f95-96f8-3a145476eb15", "parameters": { "effect": { "value": "[parameters('effect-399b2637-a50f-4f95-96f8-3a145476eb15')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.10" ] }, { "policyDefinitionReferenceId": "4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b", "parameters": { "effect": { "value": "[parameters('effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b')]" } }, "groupNames": [ "CIS_Azure_1.3.0_9.10" ] } ], "policyDefinitionGroups": [ { "name": "CIS_Azure_1.3.0_1.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.1" }, { "name": "CIS_Azure_1.3.0_1.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.2" }, { "name": "CIS_Azure_1.3.0_1.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.3" }, { "name": "CIS_Azure_1.3.0_1.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.4" }, { "name": "CIS_Azure_1.3.0_1.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.5" }, { "name": "CIS_Azure_1.3.0_1.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.6" }, { "name": "CIS_Azure_1.3.0_1.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.7" }, { "name": "CIS_Azure_1.3.0_1.8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.8" }, { "name": "CIS_Azure_1.3.0_1.9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.9" }, { "name": "CIS_Azure_1.3.0_1.10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.10" }, { "name": "CIS_Azure_1.3.0_1.11", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.11" }, { "name": "CIS_Azure_1.3.0_1.12", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.12" }, { "name": "CIS_Azure_1.3.0_1.13", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.13" }, { "name": "CIS_Azure_1.3.0_1.14", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.14" }, { "name": "CIS_Azure_1.3.0_1.15", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.15" }, { "name": "CIS_Azure_1.3.0_1.16", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.16" }, { "name": "CIS_Azure_1.3.0_1.17", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.17" }, { "name": "CIS_Azure_1.3.0_1.18", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.18" }, { "name": "CIS_Azure_1.3.0_1.19", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.19" }, { "name": "CIS_Azure_1.3.0_1.20", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.20" }, { "name": "CIS_Azure_1.3.0_1.21", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.21" }, { "name": "CIS_Azure_1.3.0_1.22", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.22" }, { "name": "CIS_Azure_1.3.0_1.23", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_1.23" }, { "name": "CIS_Azure_1.3.0_2.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.1" }, { "name": "CIS_Azure_1.3.0_2.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.2" }, { "name": "CIS_Azure_1.3.0_2.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.3" }, { "name": "CIS_Azure_1.3.0_2.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.4" }, { "name": "CIS_Azure_1.3.0_2.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.5" }, { "name": "CIS_Azure_1.3.0_2.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.6" }, { "name": "CIS_Azure_1.3.0_2.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.7" }, { "name": "CIS_Azure_1.3.0_2.8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.8" }, { "name": "CIS_Azure_1.3.0_2.9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.9" }, { "name": "CIS_Azure_1.3.0_2.10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.10" }, { "name": "CIS_Azure_1.3.0_2.11", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.11" }, { "name": "CIS_Azure_1.3.0_2.12", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.12" }, { "name": "CIS_Azure_1.3.0_2.13", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.13" }, { "name": "CIS_Azure_1.3.0_2.14", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.14" }, { "name": "CIS_Azure_1.3.0_2.15", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_2.15" }, { "name": "CIS_Azure_1.3.0_3.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.1" }, { "name": "CIS_Azure_1.3.0_3.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.2" }, { "name": "CIS_Azure_1.3.0_3.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.3" }, { "name": "CIS_Azure_1.3.0_3.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.4" }, { "name": "CIS_Azure_1.3.0_3.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.5" }, { "name": "CIS_Azure_1.3.0_3.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.6" }, { "name": "CIS_Azure_1.3.0_3.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.7" }, { "name": "CIS_Azure_1.3.0_3.8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.8" }, { "name": "CIS_Azure_1.3.0_3.9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.9" }, { "name": "CIS_Azure_1.3.0_3.10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.10" }, { "name": "CIS_Azure_1.3.0_3.11", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_3.11" }, { "name": "CIS_Azure_1.3.0_4.1.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.1" }, { "name": "CIS_Azure_1.3.0_4.1.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.2" }, { "name": "CIS_Azure_1.3.0_4.1.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.1.3" }, { "name": "CIS_Azure_1.3.0_4.2.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.1" }, { "name": "CIS_Azure_1.3.0_4.2.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.2" }, { "name": "CIS_Azure_1.3.0_4.2.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.3" }, { "name": "CIS_Azure_1.3.0_4.2.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.4" }, { "name": "CIS_Azure_1.3.0_4.2.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.2.5" }, { "name": "CIS_Azure_1.3.0_4.3.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.1" }, { "name": "CIS_Azure_1.3.0_4.3.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.2" }, { "name": "CIS_Azure_1.3.0_4.3.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.3" }, { "name": "CIS_Azure_1.3.0_4.3.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.4" }, { "name": "CIS_Azure_1.3.0_4.3.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.5" }, { "name": "CIS_Azure_1.3.0_4.3.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.6" }, { "name": "CIS_Azure_1.3.0_4.3.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.7" }, { "name": "CIS_Azure_1.3.0_4.3.8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.3.8" }, { "name": "CIS_Azure_1.3.0_4.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.4" }, { "name": "CIS_Azure_1.3.0_4.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_4.5" }, { "name": "CIS_Azure_1.3.0_5.1.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.1" }, { "name": "CIS_Azure_1.3.0_5.1.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.2" }, { "name": "CIS_Azure_1.3.0_5.1.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.3" }, { "name": "CIS_Azure_1.3.0_5.1.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.4" }, { "name": "CIS_Azure_1.3.0_5.1.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.1.5" }, { "name": "CIS_Azure_1.3.0_5.2.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.1" }, { "name": "CIS_Azure_1.3.0_5.2.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.2" }, { "name": "CIS_Azure_1.3.0_5.2.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.3" }, { "name": "CIS_Azure_1.3.0_5.2.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.4" }, { "name": "CIS_Azure_1.3.0_5.2.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.5" }, { "name": "CIS_Azure_1.3.0_5.2.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.6" }, { "name": "CIS_Azure_1.3.0_5.2.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.7" }, { "name": "CIS_Azure_1.3.0_5.2.8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.8" }, { "name": "CIS_Azure_1.3.0_5.2.9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.2.9" }, { "name": "CIS_Azure_1.3.0_5.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_5.3" }, { "name": "CIS_Azure_1.3.0_6.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.1" }, { "name": "CIS_Azure_1.3.0_6.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.2" }, { "name": "CIS_Azure_1.3.0_6.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.3" }, { "name": "CIS_Azure_1.3.0_6.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.4" }, { "name": "CIS_Azure_1.3.0_6.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.5" }, { "name": "CIS_Azure_1.3.0_6.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_6.6" }, { "name": "CIS_Azure_1.3.0_7.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.1" }, { "name": "CIS_Azure_1.3.0_7.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.2" }, { "name": "CIS_Azure_1.3.0_7.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.3" }, { "name": "CIS_Azure_1.3.0_7.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.4" }, { "name": "CIS_Azure_1.3.0_7.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.5" }, { "name": "CIS_Azure_1.3.0_7.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.6" }, { "name": "CIS_Azure_1.3.0_7.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_7.7" }, { "name": "CIS_Azure_1.3.0_8.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.1" }, { "name": "CIS_Azure_1.3.0_8.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.2" }, { "name": "CIS_Azure_1.3.0_8.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.3" }, { "name": "CIS_Azure_1.3.0_8.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.4" }, { "name": "CIS_Azure_1.3.0_8.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_8.5" }, { "name": "CIS_Azure_1.3.0_9.1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.1" }, { "name": "CIS_Azure_1.3.0_9.2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.2" }, { "name": "CIS_Azure_1.3.0_9.3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.3" }, { "name": "CIS_Azure_1.3.0_9.4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.4" }, { "name": "CIS_Azure_1.3.0_9.5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.5" }, { "name": "CIS_Azure_1.3.0_9.6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.6" }, { "name": "CIS_Azure_1.3.0_9.7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.7" }, { "name": "CIS_Azure_1.3.0_9.8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.8" }, { "name": "CIS_Azure_1.3.0_9.9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.9" }, { "name": "CIS_Azure_1.3.0_9.10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.10" }, { "name": "CIS_Azure_1.3.0_9.11", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CIS_Azure_1.3.0_9.11" } ] }, "id": "/providers/Microsoft.Authorization/policySetDefinitions/612b5213-9160-4969-8578-1518bd2a000c", "type": "Microsoft.Authorization/policySetDefinitions", "name": "612b5213-9160-4969-8578-1518bd2a000c" }