Unknown, no evidence if PolicySet definition is/not available in AzureUSGovernment
Type
BuiltIn
Deprecated
False
Preview
False
Policy-used summary
Policy types
Policy states
Policy categories
Total Policies: 300
Builtin Policies: 300
Static Policies: 0
GA: 280 Preview: 20
41 categories:
API for FHIR: 3 API Management: 4 App Configuration: 3 App Platform: 1 App Service: 20 Automation: 2 Azure Ai Services: 3 Azure Data Explorer: 3 Azure Stack Edge: 1 Azure Update Manager: 1 Backup: 3 Batch: 3 Cache: 2 Cognitive Services: 2 Compute: 12 Container Instance: 2 Container Registry: 4 Cosmos DB: 5 Data Lake: 2 Event Grid: 2 Event Hub: 5 General: 2 Guest Configuration: 30 Internet of Things: 3 Key Vault: 14 Kubernetes: 7 Logic Apps: 1 Machine Learning: 7 Monitoring: 20 Network: 18 Security Center: 42 Service Bus: 4 Service Fabric: 2 SignalR: 1 Site Recovery: 1 SQL: 39 Storage: 17 Stream Analytics: 2 Synapse: 5 VM Image Builder: 1 Web PubSub: 1
Policy-used
Rows: 1-10 / 300
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more
"displayName": "EU General Data Protection Regulation (GDPR) 2016/679",
3
"description": "Comprehensive data protection law regulating personal data processing within the EU.",
4
"metadata": {
5
- "version": "1.3.0",
6
"category": "Regulatory Compliance"
7
},
8
- "version": "1.3.0",
9
"parameters": {
10
"effect-45e05259-1eb5-4f70-9574-baf73e9d219b": {
11
"type": "String",
12
"metadata": {
13
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
14
"description": "For more information about effects, visit https://aka.ms/policyeffects"
15
},
16
"allowedValues": [
17
"Audit",
@@ -21,9 +21,9 @@
21
},
22
"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa": {
23
"type": "String",
24
"metadata": {
25
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
26
"description": "For more information about effects, visit https://aka.ms/policyeffects"
27
},
28
"allowedValues": [
29
"Audit",
@@ -34,9 +34,9 @@
34
},
35
"effect-f655e522-adff-494d-95c2-52d4f6d56a42": {
36
"type": "String",
37
"metadata": {
38
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
39
"description": "For more information about effects, visit https://aka.ms/policyeffects"
40
},
41
"allowedValues": [
42
"AuditIfNotExists",
@@ -46,9 +46,9 @@
46
},
47
"effect-40e85574-ef33-47e8-a854-7a65c7500560": {
48
"type": "String",
49
"metadata": {
50
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
51
"description": "For more information about effects, visit https://aka.ms/policyeffects"
52
},
53
"allowedValues": [
54
"AuditIfNotExists",
@@ -58,9 +58,9 @@
58
},
59
"effect-fa298e57-9444-42ba-bf04-86e8470e32c7": {
60
"type": "String",
61
"metadata": {
62
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
63
"description": "For more information about effects, visit https://aka.ms/policyeffects"
64
},
65
"allowedValues": [
66
"Audit",
@@ -71,9 +71,9 @@
71
},
72
"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0": {
73
"type": "String",
74
"metadata": {
75
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
76
"description": "For more information about effects, visit https://aka.ms/policyeffects"
77
},
78
"allowedValues": [
79
"Audit",
@@ -97,9 +97,9 @@
97
},
98
"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
99
"type": "String",
100
"metadata": {
101
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
102
"description": "For more information about effects, visit https://aka.ms/policyeffects"
103
},
104
"allowedValues": [
105
"AuditIfNotExists",
@@ -109,9 +109,9 @@
109
},
110
"effect-df39c015-56a4-45de-b4a3-efe77bed320d": {
111
"type": "String",
112
"metadata": {
113
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
114
"description": "For more information about effects, visit https://aka.ms/policyeffects"
115
},
116
"allowedValues": [
117
"Audit",
@@ -121,9 +121,9 @@
121
},
122
"effect-3b980d31-7904-4bb7-8575-5665739a8052": {
123
"type": "String",
124
"metadata": {
125
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
126
"description": "For more information about effects, visit https://aka.ms/policyeffects"
127
},
128
"allowedValues": [
129
"AuditIfNotExists",
@@ -145,9 +145,9 @@
145
},
146
"effect-c251913d-7d24-4958-af87-478ed3b9ba41": {
147
"type": "String",
148
"metadata": {
149
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
150
"description": "For more information about effects, visit https://aka.ms/policyeffects"
151
},
152
"allowedValues": [
153
"Audit",
@@ -157,9 +157,9 @@
157
},
158
"effect-47031206-ce96-41f8-861b-6a915f3de284": {
159
"type": "String",
160
"metadata": {
161
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
162
"description": "For more information about effects, visit https://aka.ms/policyeffects"
163
},
164
"allowedValues": [
165
"Audit",
@@ -170,9 +170,9 @@
170
},
171
"effect-6b2122c1-8120-4ff5-801b-17625a355590": {
172
"type": "String",
173
"metadata": {
174
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
175
"description": "For more information about effects, visit https://aka.ms/policyeffects"
176
},
177
"allowedValues": [
178
"AuditIfNotExists",
@@ -182,9 +182,9 @@
182
},
183
"effect-2e94d99a-8a36-4563-bc77-810d8893b671": {
184
"type": "String",
185
"metadata": {
186
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
187
"description": "For more information about effects, visit https://aka.ms/policyeffects"
188
},
189
"allowedValues": [
190
"Audit",
@@ -207,9 +207,9 @@
207
},
208
"effect-a1817ec0-a368-432a-8057-8371e17ac6ee": {
209
"type": "String",
210
"metadata": {
211
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
212
"description": "For more information about effects, visit https://aka.ms/policyeffects"
213
},
214
"allowedValues": [
215
"Audit",
@@ -220,9 +220,9 @@
220
},
221
"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
222
"type": "String",
223
"metadata": {
224
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
225
"description": "For more information about effects, visit https://aka.ms/policyeffects"
226
},
227
"allowedValues": [
228
"AuditIfNotExists",
@@ -232,9 +232,9 @@
232
},
233
"effect-0a15ec92-a229-4763-bb14-0ea34a568f8d": {
234
"type": "String",
235
"metadata": {
236
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
237
"description": "For more information about effects, visit https://aka.ms/policyeffects"
238
},
239
"allowedValues": [
240
"Audit",
@@ -244,9 +244,9 @@
244
},
245
"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": {
246
"type": "String",
247
"metadata": {
248
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
249
"description": "For more information about effects, visit https://aka.ms/policyeffects"
250
},
251
"allowedValues": [
252
"AuditIfNotExists",
@@ -256,9 +256,9 @@
256
},
257
"effect-a2a5b911-5617-447e-a49e-59dbe0e0434b": {
258
"type": "String",
259
"metadata": {
260
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
261
"description": "For more information about effects, visit https://aka.ms/policyeffects"
262
},
263
"allowedValues": [
264
"AuditIfNotExists",
@@ -276,9 +276,9 @@
276
},
277
"effect-7804b5c7-01dc-4723-969b-ae300cc07ff1": {
278
"type": "String",
279
"metadata": {
280
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
281
"description": "For more information about effects, visit https://aka.ms/policyeffects"
282
},
283
"allowedValues": [
284
"Audit",
@@ -288,9 +288,9 @@
288
},
289
"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": {
290
"type": "String",
291
"metadata": {
292
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
293
"description": "For more information about effects, visit https://aka.ms/policyeffects"
294
},
295
"allowedValues": [
296
"Audit",
@@ -301,9 +301,9 @@
301
},
302
"effect-3e596b57-105f-48a6-be97-03e9243bad6e": {
303
"type": "String",
304
"metadata": {
305
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
306
"description": "For more information about effects, visit https://aka.ms/policyeffects"
307
},
308
"allowedValues": [
309
"AuditIfNotExists",
@@ -313,9 +313,9 @@
313
},
314
"effect-3dc5edcd-002d-444c-b216-e123bbfa37c0": {
315
"type": "String",
316
"metadata": {
317
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
318
"description": "For more information about effects, visit https://aka.ms/policyeffects"
319
},
320
"allowedValues": [
321
"AuditIfNotExists",
@@ -325,9 +325,9 @@
325
},
326
"effect-8af8f826-edcb-4178-b35f-851ea6fea615": {
327
"type": "String",
328
"metadata": {
329
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
330
"description": "For more information about effects, visit https://aka.ms/policyeffects"
331
},
332
"allowedValues": [
333
"Audit",
@@ -338,9 +338,9 @@
338
},
339
"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5": {
340
"type": "String",
341
"metadata": {
342
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
343
"description": "For more information about effects, visit https://aka.ms/policyeffects"
344
},
345
"allowedValues": [
346
"Audit",
@@ -350,9 +350,9 @@
350
},
351
"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d": {
352
"type": "String",
353
"metadata": {
354
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
355
"description": "For more information about effects, visit https://aka.ms/policyeffects"
356
},
357
"allowedValues": [
358
"Audit",
@@ -363,9 +363,9 @@
363
},
364
"effect-7ff426e2-515f-405a-91c8-4f2333442eb5": {
365
"type": "String",
366
"metadata": {
367
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
368
"description": "For more information about effects, visit https://aka.ms/policyeffects"
369
},
370
"allowedValues": [
371
"AuditIfNotExists",
@@ -375,9 +375,9 @@
375
},
376
"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc": {
377
"type": "String",
378
"metadata": {
379
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
380
"description": "For more information about effects, visit https://aka.ms/policyeffects"
381
},
382
"allowedValues": [
383
"Audit",
@@ -388,9 +388,9 @@
388
},
389
"effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4": {
390
"type": "String",
391
"metadata": {
392
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
393
"description": "For more information about effects, visit https://aka.ms/policyeffects"
394
},
395
"allowedValues": [
396
"Audit",
@@ -400,9 +400,9 @@
400
},
401
"effect-98728c90-32c7-4049-8429-847dc0f4fe37": {
402
"type": "String",
403
"metadata": {
404
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
405
"description": "For more information about effects, visit https://aka.ms/policyeffects"
406
},
407
"allowedValues": [
408
"Audit",
@@ -413,9 +413,9 @@
413
},
414
"effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2": {
415
"type": "String",
416
"metadata": {
417
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
418
"description": "For more information about effects, visit https://aka.ms/policyeffects"
419
},
420
"allowedValues": [
421
"Audit",
@@ -447,9 +447,9 @@
447
},
448
"effect-33936777-f2ac-45aa-82ec-07958ec9ade4": {
449
"type": "String",
450
"metadata": {
451
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
452
"description": "For more information about effects, visit https://aka.ms/policyeffects"
453
},
454
"allowedValues": [
455
"AuditIfNotExists",
@@ -459,9 +459,9 @@
459
},
460
"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
461
"type": "String",
462
"metadata": {
463
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
464
"description": "For more information about effects, visit https://aka.ms/policyeffects"
465
},
466
"allowedValues": [
467
"AuditIfNotExists",
@@ -479,9 +479,9 @@
479
},
480
"effect-f9d614c5-c173-4d56-95a7-b4437057d193": {
481
"type": "String",
482
"metadata": {
483
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
484
"description": "For more information about effects, visit https://aka.ms/policyeffects"
485
},
486
"allowedValues": [
487
"AuditIfNotExists",
@@ -491,9 +491,9 @@
491
},
492
"effect-3ac7c827-eea2-4bde-acc7-9568cd320efa": {
493
"type": "String",
494
"metadata": {
495
- "displayName": "Effect for policy: Anactivity log alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
496
"description": "For more information about effects, visit https://aka.ms/policyeffects"
497
},
498
"allowedValues": [
499
"AuditIfNotExists",
@@ -503,9 +503,9 @@
503
},
504
"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d": {
505
"type": "String",
506
"metadata": {
507
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
508
"description": "For more information about effects, visit https://aka.ms/policyeffects"
509
},
510
"allowedValues": [
511
"Audit",
@@ -541,9 +541,9 @@
541
},
542
"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b": {
543
"type": "String",
544
"metadata": {
545
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
546
"description": "For more information about effects, visit https://aka.ms/policyeffects"
547
},
548
"allowedValues": [
549
"AuditIfNotExists",
@@ -553,9 +553,9 @@
553
},
554
"effect-18adea5e-f416-4d0f-8aa8-d24321e3e274": {
555
"type": "String",
556
"metadata": {
557
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
558
"description": "For more information about effects, visit https://aka.ms/policyeffects"
559
},
560
"allowedValues": [
561
"AuditIfNotExists",
@@ -565,9 +565,9 @@
565
},
566
"effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea": {
567
"type": "String",
568
"metadata": {
569
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
570
"description": "For more information about effects, visit https://aka.ms/policyeffects"
571
},
572
"allowedValues": [
573
"Audit",
@@ -577,9 +577,9 @@
577
},
578
"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
579
"type": "String",
580
"metadata": {
581
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
582
"description": "For more information about effects, visit https://aka.ms/policyeffects"
583
},
584
"allowedValues": [
585
"Audit",
@@ -590,9 +590,9 @@
590
},
591
"effect-0fdf0491-d080-4575-b627-ad0e843cba0f": {
592
"type": "String",
593
"metadata": {
594
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
595
"description": "For more information about effects, visit https://aka.ms/policyeffects"
596
},
597
"allowedValues": [
598
"Audit",
@@ -603,9 +603,9 @@
603
},
604
"effect-a4af4a39-4135-47fb-b175-47fbdf85311d": {
605
"type": "String",
606
"metadata": {
607
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
608
"description": "For more information about effects, visit https://aka.ms/policyeffects"
609
},
610
"allowedValues": [
611
"Audit",
@@ -616,9 +616,9 @@
616
},
617
"effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6": {
618
"type": "String",
619
"metadata": {
620
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
621
"description": "For more information about effects, visit https://aka.ms/policyeffects"
622
},
623
"allowedValues": [
624
"AuditIfNotExists",
@@ -636,9 +636,9 @@
636
},
637
"effect-404c3081-a854-4457-ae30-26a93ef643f9": {
638
"type": "String",
639
"metadata": {
640
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
641
"description": "For more information about effects, visit https://aka.ms/policyeffects"
642
},
643
"allowedValues": [
644
"Audit",
@@ -649,9 +649,9 @@
649
},
650
"effect-f7d52b2d-e161-4dfa-a82b-55e564167385": {
651
"type": "String",
652
"metadata": {
653
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
654
"description": "For more information about effects, visit https://aka.ms/policyeffects"
655
},
656
"allowedValues": [
657
"Audit",
@@ -662,9 +662,9 @@
662
},
663
"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67": {
664
"type": "String",
665
"metadata": {
666
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
667
"description": "For more information about effects, visit https://aka.ms/policyeffects"
668
},
669
"allowedValues": [
670
"Audit",
@@ -675,9 +675,9 @@
675
},
676
"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
677
"type": "String",
678
"metadata": {
679
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
680
"description": "For more information about effects, visit https://aka.ms/policyeffects"
681
},
682
"allowedValues": [
683
"AuditIfNotExists",
@@ -687,9 +687,9 @@
687
},
688
"effect-295fc8b1-dc9f-4f53-9c61-3f313ceab40a": {
689
"type": "String",
690
"metadata": {
691
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
692
"description": "For more information about effects, visit https://aka.ms/policyeffects"
693
},
694
"allowedValues": [
695
"Audit",
@@ -699,9 +699,9 @@
699
},
700
"effect-0049a6b3-a662-4f3e-8635-39cf44ace45a": {
701
"type": "String",
702
"metadata": {
703
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
704
"description": "For more information about effects, visit https://aka.ms/policyeffects"
705
},
706
"allowedValues": [
707
"AuditIfNotExists",
@@ -724,9 +724,9 @@
724
},
725
"effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
726
"type": "String",
727
"metadata": {
728
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
729
"description": "For more information about effects, visit https://aka.ms/policyeffects"
730
},
731
"allowedValues": [
732
"AuditIfNotExists",
@@ -736,9 +736,9 @@
736
},
737
"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": {
738
"type": "String",
739
"metadata": {
740
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
741
"description": "For more information about effects, visit https://aka.ms/policyeffects"
742
},
743
"allowedValues": [
744
"Audit",
@@ -748,9 +748,9 @@
748
},
749
"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": {
750
"type": "String",
751
"metadata": {
752
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
753
"description": "For more information about effects, visit https://aka.ms/policyeffects"
754
},
755
"allowedValues": [
756
"Audit",
@@ -773,9 +773,9 @@
773
},
774
"effect-87845465-c458-45f3-af66-dcd62176f397": {
775
"type": "String",
776
"metadata": {
777
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
778
"description": "For more information about effects, visit https://aka.ms/policyeffects"
779
},
780
"allowedValues": [
781
"AuditIfNotExists",
@@ -785,9 +785,9 @@
785
},
786
"effect-efbde977-ba53-4479-b8e9-10b957924fbf": {
787
"type": "String",
788
"metadata": {
789
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
790
"description": "For more information about effects, visit https://aka.ms/policyeffects"
791
},
792
"allowedValues": [
793
"AuditIfNotExists",
@@ -810,9 +810,9 @@
810
},
811
"effect-e6955644-301c-44b5-a4c4-528577de6861": {
812
"type": "String",
813
"metadata": {
814
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
815
"description": "For more information about effects, visit https://aka.ms/policyeffects"
816
},
817
"allowedValues": [
818
"AuditIfNotExists",
@@ -835,9 +835,9 @@
835
},
836
"effect-630c64f9-8b6b-4c64-b511-6544ceff6fd6": {
837
"type": "String",
838
"metadata": {
839
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
840
"description": "For more information about effects, visit https://aka.ms/policyeffects"
841
},
842
"allowedValues": [
843
"AuditIfNotExists",
@@ -872,9 +872,9 @@
872
},
873
"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40": {
874
"type": "String",
875
"metadata": {
876
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
877
"description": "For more information about effects, visit https://aka.ms/policyeffects"
878
},
879
"allowedValues": [
880
"AuditIfNotExists",
@@ -884,9 +884,9 @@
884
},
885
"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780": {
886
"type": "String",
887
"metadata": {
888
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
889
"description": "For more information about effects, visit https://aka.ms/policyeffects"
890
},
891
"allowedValues": [
892
"Audit",
@@ -897,9 +897,9 @@
897
},
898
"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": {
899
"type": "String",
900
"metadata": {
901
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
902
"description": "For more information about effects, visit https://aka.ms/policyeffects"
903
},
904
"allowedValues": [
905
"AuditIfNotExists",
@@ -909,9 +909,9 @@
909
},
910
"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e": {
911
"type": "String",
912
"metadata": {
913
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
914
"description": "For more information about effects, visit https://aka.ms/policyeffects"
915
},
916
"allowedValues": [
917
"Audit",
@@ -943,9 +943,9 @@
943
},
944
"effect-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0": {
945
"type": "String",
946
"metadata": {
947
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
948
"description": "For more information about effects, visit https://aka.ms/policyeffects"
949
},
950
"allowedValues": [
951
"AuditIfNotExists",
@@ -955,9 +955,9 @@
955
},
956
"effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
957
"type": "String",
958
"metadata": {
959
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
960
"description": "For more information about effects, visit https://aka.ms/policyeffects"
961
},
962
"allowedValues": [
963
"AuditIfNotExists",
@@ -967,9 +967,9 @@
967
},
968
"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb": {
969
"type": "String",
970
"metadata": {
971
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
972
"description": "For more information about effects, visit https://aka.ms/policyeffects"
973
},
974
"allowedValues": [
975
"Audit",
@@ -980,9 +980,9 @@
980
},
981
"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6": {
982
"type": "String",
983
"metadata": {
984
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
985
"description": "For more information about effects, visit https://aka.ms/policyeffects"
986
},
987
"allowedValues": [
988
"Audit",
@@ -993,9 +993,9 @@
993
},
994
"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": {
995
"type": "String",
996
"metadata": {
997
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
998
"description": "For more information about effects, visit https://aka.ms/policyeffects"
999
},
1000
"allowedValues": [
1001
"AuditIfNotExists",
@@ -1024,9 +1024,9 @@
1024
},
1025
"effect-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
1026
"type": "String",
1027
"metadata": {
1028
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1029
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1030
},
1031
"allowedValues": [
1032
"Audit",
@@ -1037,9 +1037,9 @@
1037
},
1038
"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0": {
1039
"type": "String",
1040
"metadata": {
1041
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1042
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1043
},
1044
"allowedValues": [
1045
"Audit",
@@ -1049,9 +1049,9 @@
1049
},
1050
"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57": {
1051
"type": "String",
1052
"metadata": {
1053
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1054
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1055
},
1056
"allowedValues": [
1057
"AuditIfNotExists",
@@ -1081,9 +1081,9 @@
1081
},
1082
"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7": {
1083
"type": "String",
1084
"metadata": {
1085
- "displayName": "Effect for policy: Anactivity log alert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1086
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1087
},
1088
"allowedValues": [
1089
"AuditIfNotExists",
@@ -1093,9 +1093,9 @@
1093
},
1094
"effect-428256e6-1fac-4f48-a757-df34c2b3336d": {
1095
"type": "String",
1096
"metadata": {
1097
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1098
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1099
},
1100
"allowedValues": [
1101
"AuditIfNotExists",
@@ -1113,9 +1113,9 @@
1113
},
1114
"effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8": {
1115
"type": "String",
1116
"metadata": {
1117
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1118
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1119
},
1120
"allowedValues": [
1121
"Audit",
@@ -1126,9 +1126,9 @@
1126
},
1127
"effect-797b37f7-06b8-444c-b1ad-fc62867f335a": {
1128
"type": "String",
1129
"metadata": {
1130
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1131
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1132
},
1133
"allowedValues": [
1134
"Audit",
@@ -1139,9 +1139,9 @@
1139
},
1140
"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": {
1141
"type": "String",
1142
"metadata": {
1143
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1144
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1145
},
1146
"allowedValues": [
1147
"Audit",
@@ -1152,9 +1152,9 @@
1152
},
1153
"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
1154
"type": "String",
1155
"metadata": {
1156
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1157
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1158
},
1159
"allowedValues": [
1160
"AuditIfNotExists",
@@ -1177,9 +1177,9 @@
1177
},
1178
"effect-94d9aca8-3757-46df-aa51-f218c5f11954": {
1179
"type": "String",
1180
"metadata": {
1181
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1182
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1183
},
1184
"allowedValues": [
1185
"AuditIfNotExists",
@@ -1189,9 +1189,9 @@
1189
},
1190
"effect-9daedab3-fb2d-461e-b861-71790eead4f6": {
1191
"type": "String",
1192
"metadata": {
1193
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1194
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1195
},
1196
"allowedValues": [
1197
"AuditIfNotExists",
@@ -1201,9 +1201,9 @@
1201
},
1202
"effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54": {
1203
"type": "String",
1204
"metadata": {
1205
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1206
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1207
},
1208
"allowedValues": [
1209
"Audit",
@@ -1214,9 +1214,9 @@
1214
},
1215
"effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb": {
1216
"type": "String",
1217
"metadata": {
1218
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1219
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1220
},
1221
"allowedValues": [
1222
"AuditIfNotExists",
@@ -1226,9 +1226,9 @@
1226
},
1227
"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b": {
1228
"type": "String",
1229
"metadata": {
1230
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1231
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1232
},
1233
"allowedValues": [
1234
"Audit",
@@ -1274,9 +1274,9 @@
1274
},
1275
"effect-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
1276
"type": "String",
1277
"metadata": {
1278
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1279
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1280
},
1281
"allowedValues": [
1282
"AuditIfNotExists",
@@ -1286,9 +1286,9 @@
1286
},
1287
"effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f": {
1288
"type": "String",
1289
"metadata": {
1290
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1291
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1292
},
1293
"allowedValues": [
1294
"AuditIfNotExists",
@@ -1298,9 +1298,9 @@
1298
},
1299
"effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515": {
1300
"type": "String",
1301
"metadata": {
1302
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1303
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1304
},
1305
"allowedValues": [
1306
"Audit",
@@ -1311,9 +1311,9 @@
1311
},
1312
"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
1313
"type": "String",
1314
"metadata": {
1315
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1316
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1317
},
1318
"allowedValues": [
1319
"AuditIfNotExists",
@@ -1323,9 +1323,9 @@
1323
},
1324
"effect-91a78b24-f231-4a8a-8da9-02c35b2b6510": {
1325
"type": "String",
1326
"metadata": {
1327
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1328
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1329
},
1330
"allowedValues": [
1331
"AuditIfNotExists",
@@ -1351,9 +1351,9 @@
1351
},
1352
"effect-d461a302-a187-421a-89ac-84acdb4edc04": {
1353
"type": "String",
1354
"metadata": {
1355
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1356
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1357
},
1358
"allowedValues": [
1359
"Audit",
@@ -1364,9 +1364,9 @@
1364
},
1365
"effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34": {
1366
"type": "String",
1367
"metadata": {
1368
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1369
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1370
},
1371
"allowedValues": [
1372
"AuditIfNotExists",
@@ -1376,9 +1376,9 @@
1376
},
1377
"effect-ca91455f-eace-4f96-be59-e6e2c35b4816": {
1378
"type": "String",
1379
"metadata": {
1380
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1381
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1382
},
1383
"allowedValues": [
1384
"Audit",
@@ -1389,9 +1389,9 @@
1389
},
1390
"effect-f4826e5f-6a27-407c-ae3e-9582eb39891d": {
1391
"type": "String",
1392
"metadata": {
1393
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1394
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1395
},
1396
"allowedValues": [
1397
"AuditIfNotExists",
@@ -1401,9 +1401,9 @@
1401
},
1402
"effect-7803067c-7d34-46e3-8c79-0ca68fc4036d": {
1403
"type": "String",
1404
"metadata": {
1405
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1406
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1407
},
1408
"allowedValues": [
1409
"AuditIfNotExists",
@@ -1413,9 +1413,9 @@
1413
},
1414
"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
1415
"type": "String",
1416
"metadata": {
1417
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1418
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1419
},
1420
"allowedValues": [
1421
"Audit",
@@ -1426,9 +1426,9 @@
1426
},
1427
"effect-ab6a902f-9493-453b-928d-62c30b11b5a6": {
1428
"type": "String",
1429
"metadata": {
1430
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1431
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1432
},
1433
"allowedValues": [
1434
"AuditIfNotExists",
@@ -1438,9 +1438,9 @@
1438
},
1439
"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606": {
1440
"type": "String",
1441
"metadata": {
1442
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1443
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1444
},
1445
"allowedValues": [
1446
"Audit",
@@ -1451,9 +1451,9 @@
1451
},
1452
"effect-3d9f5e4c-9947-4579-9539-2a7695fbc187": {
1453
"type": "String",
1454
"metadata": {
1455
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1456
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1457
},
1458
"allowedValues": [
1459
"Audit",
@@ -1464,9 +1464,9 @@
1464
},
1465
"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": {
1466
"type": "String",
1467
"metadata": {
1468
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1469
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1470
},
1471
"allowedValues": [
1472
"AuditIfNotExists",
@@ -1476,9 +1476,9 @@
1476
},
1477
"effect-009a0c92-f5b4-4776-9b66-4ed2b4775563": {
1478
"type": "String",
1479
"metadata": {
1480
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1481
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1482
},
1483
"allowedValues": [
1484
"AuditIfNotExists",
@@ -1488,9 +1488,9 @@
1488
},
1489
"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7": {
1490
"type": "String",
1491
"metadata": {
1492
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1493
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1494
},
1495
"allowedValues": [
1496
"Audit",
@@ -1501,9 +1501,9 @@
1501
},
1502
"effect-fb893a29-21bb-418c-a157-e99480ec364c": {
1503
"type": "String",
1504
"metadata": {
1505
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1506
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1507
},
1508
"allowedValues": [
1509
"Audit",
@@ -1513,9 +1513,9 @@
1513
},
1514
"effect-2b9ad585-36bc-4615-b300-fd4435808332": {
1515
"type": "String",
1516
"metadata": {
1517
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1518
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1519
},
1520
"allowedValues": [
1521
"AuditIfNotExists",
@@ -1525,9 +1525,9 @@
1525
},
1526
"effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4": {
1527
"type": "String",
1528
"metadata": {
1529
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1530
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1531
},
1532
"allowedValues": [
1533
"Audit",
@@ -1553,9 +1553,9 @@
1553
},
1554
"effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234": {
1555
"type": "String",
1556
"metadata": {
1557
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1558
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1559
},
1560
"allowedValues": [
1561
"Audit",
@@ -1565,9 +1565,9 @@
1565
},
1566
"effect-b8564268-eb4a-4337-89be-a19db070c59d": {
1567
"type": "String",
1568
"metadata": {
1569
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1570
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1571
},
1572
"allowedValues": [
1573
"AuditIfNotExists",
@@ -1577,9 +1577,9 @@
1577
},
1578
"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
1579
"type": "String",
1580
"metadata": {
1581
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1582
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1583
},
1584
"allowedValues": [
1585
"Audit",
@@ -1590,9 +1590,9 @@
1590
},
1591
"effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1": {
1592
"type": "String",
1593
"metadata": {
1594
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1595
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1596
},
1597
"allowedValues": [
1598
"Audit",
@@ -1603,9 +1603,9 @@
1603
},
1604
"effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f": {
1605
"type": "String",
1606
"metadata": {
1607
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1608
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1609
},
1610
"allowedValues": [
1611
"Audit",
@@ -1616,9 +1616,9 @@
1616
},
1617
"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
1618
"type": "String",
1619
"metadata": {
1620
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1621
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1622
},
1623
"allowedValues": [
1624
"Audit",
@@ -1629,9 +1629,9 @@
1629
},
1630
"effect-c4857be7-912a-4c75-87e6-e30292bcdf78": {
1631
"type": "String",
1632
"metadata": {
1633
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1634
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1635
},
1636
"allowedValues": [
1637
"Audit",
@@ -1657,9 +1657,9 @@
1657
},
1658
"effect-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
1659
"type": "String",
1660
"metadata": {
1661
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1662
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1663
},
1664
"allowedValues": [
1665
"AuditIfNotExists",
@@ -1691,9 +1691,9 @@
1691
},
1692
"effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
1693
"type": "String",
1694
"metadata": {
1695
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1696
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1697
},
1698
"allowedValues": [
1699
"AuditIfNotExists",
@@ -1703,9 +1703,9 @@
1703
},
1704
"effect-fe83a0eb-a853-422d-aac2-1bffd182c5d0": {
1705
"type": "String",
1706
"metadata": {
1707
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1708
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1709
},
1710
"allowedValues": [
1711
"Audit",
@@ -1738,9 +1738,9 @@
1738
},
1739
"effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
1740
"type": "String",
1741
"metadata": {
1742
- "displayName": "[Deprecated]: Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1743
"description": "For more information about effects, visit https://aka.ms/policyeffects",
1744
"deprecated": true
1745
},
1746
"allowedValues": [
@@ -1751,9 +1751,9 @@
1751
},
1752
"effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3": {
1753
"type": "String",
1754
"metadata": {
1755
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1756
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1757
},
1758
"allowedValues": [
1759
"AuditIfNotExists",
@@ -1763,9 +1763,9 @@
1763
},
1764
"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": {
1765
"type": "String",
1766
"metadata": {
1767
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1768
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1769
},
1770
"allowedValues": [
1771
"AuditIfNotExists",
@@ -1775,9 +1775,9 @@
1775
},
1776
"effect-a1840de2-8088-4ea8-b153-b4c723e9cb01": {
1777
"type": "String",
1778
"metadata": {
1779
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1780
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1781
},
1782
"allowedValues": [
1783
"Audit",
@@ -1800,9 +1800,9 @@
1800
},
1801
"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": {
1802
"type": "String",
1803
"metadata": {
1804
- "displayName": "Effect for policy: Anactivitylogalertshouldexistforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1805
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1806
},
1807
"allowedValues": [
1808
"AuditIfNotExists",
@@ -1812,9 +1812,9 @@
1812
},
1813
"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": {
1814
"type": "String",
1815
"metadata": {
1816
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1817
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1818
},
1819
"allowedValues": [
1820
"AuditIfNotExists",
@@ -1824,9 +1824,9 @@
1824
},
1825
"effect-fa498b91-8a7e-4710-9578-da944c68d1fe": {
1826
"type": "String",
1827
"metadata": {
1828
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1829
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1830
},
1831
"allowedValues": [
1832
"Audit",
@@ -1836,9 +1836,9 @@
1836
},
1837
"effect-a70ca396-0a34-413a-88e1-b956c1e683be": {
1838
"type": "String",
1839
"metadata": {
1840
- "displayName": "[Deprecated]: Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1841
"description": "For more information about effects, visit https://aka.ms/policyeffects",
1842
"deprecated": true
1843
},
1844
"allowedValues": [
@@ -1849,9 +1849,9 @@
1849
},
1850
"effect-7796937f-307b-4598-941c-67d3a05ebfe7": {
1851
"type": "String",
1852
"metadata": {
1853
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1854
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1855
},
1856
"allowedValues": [
1857
"AuditIfNotExists",
@@ -1861,9 +1861,9 @@
1861
},
1862
"effect-89099bee-89e0-4b26-a5f4-165451757743": {
1863
"type": "String",
1864
"metadata": {
1865
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1866
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1867
},
1868
"allowedValues": [
1869
"AuditIfNotExists",
@@ -1873,9 +1873,9 @@
1873
},
1874
"effect-fb74e86f-d351-4b8d-b034-93da7391c01f": {
1875
"type": "String",
1876
"metadata": {
1877
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1878
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1879
},
1880
"allowedValues": [
1881
"Audit",
@@ -1904,9 +1904,9 @@
1904
},
1905
"effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
1906
"type": "String",
1907
"metadata": {
1908
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1909
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1910
},
1911
"allowedValues": [
1912
"Audit",
@@ -1917,9 +1917,9 @@
1917
},
1918
"effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373": {
1919
"type": "String",
1920
"metadata": {
1921
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1922
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1923
},
1924
"allowedValues": [
1925
"AuditIfNotExists",
@@ -1929,9 +1929,9 @@
1929
},
1930
"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": {
1931
"type": "String",
1932
"metadata": {
1933
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1934
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1935
},
1936
"allowedValues": [
1937
"AuditIfNotExists",
@@ -1941,9 +1941,9 @@
1941
},
1942
"effect-17k78e20-9358-41c9-923c-fb736d382a12": {
1943
"type": "String",
1944
"metadata": {
1945
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1946
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1947
},
1948
"allowedValues": [
1949
"AuditIfNotExists",
@@ -1953,9 +1953,9 @@
1953
},
1954
"effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee": {
1955
"type": "String",
1956
"metadata": {
1957
- "displayName": "Effect for policy: Anactivitylogalertshould exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1958
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1959
},
1960
"allowedValues": [
1961
"Audit",
@@ -1965,9 +1965,9 @@
1965
},
1966
"effect-d6759c02-b87f-42b7-892e-71b3f471d782": {
1967
"type": "String",
1968
"metadata": {
1969
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1970
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1971
},
1972
"allowedValues": [
1973
"Audit",
@@ -1977,9 +1977,9 @@
1977
},
1978
"effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48": {
1979
"type": "String",
1980
"metadata": {
1981
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1982
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1983
},
1984
"allowedValues": [
1985
"Audit",
@@ -1990,9 +1990,9 @@
1990
},
1991
"effect-970f84d8-71b6-4091-9979-ace7e3fb6dbb": {
1992
"type": "String",
1993
"metadata": {
1994
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1995
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1996
},
1997
"allowedValues": [
1998
"Audit",
@@ -2003,9 +2003,9 @@
2003
},
2004
"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a": {
2005
"type": "String",
2006
"metadata": {
2007
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2008
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2009
},
2010
"allowedValues": [
2011
"AuditIfNotExists",
@@ -2015,9 +2015,9 @@
2015
},
2016
"effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121": {
2017
"type": "String",
2018
"metadata": {
2019
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2020
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2021
},
2022
"allowedValues": [
2023
"Audit",
@@ -2027,9 +2027,9 @@
2027
},
2028
"effect-1d320205-c6a1-4ac6-873d-46224024e8e2": {
2029
"type": "String",
2030
"metadata": {
2031
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2032
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2033
},
2034
"allowedValues": [
2035
"AuditIfNotExists",
@@ -2039,9 +2039,9 @@
2039
},
2040
"effect-c0e996f8-39cf-4af9-9f45-83fbde810432": {
2041
"type": "String",
2042
"metadata": {
2043
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2044
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2045
},
2046
"allowedValues": [
2047
"Audit",
@@ -2059,9 +2059,9 @@
2059
},
2060
"effect-d416745a-506c-48b6-8ab1-83cb814bcaa3": {
2061
"type": "String",
2062
"metadata": {
2063
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2064
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2065
},
2066
"allowedValues": [
2067
"Audit",
@@ -2079,9 +2079,9 @@
2079
},
2080
"effect-6581d072-105e-4418-827f-bd446d56421b": {
2081
"type": "String",
2082
"metadata": {
2083
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2084
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2085
},
2086
"allowedValues": [
2087
"AuditIfNotExists",
@@ -2091,9 +2091,9 @@
2091
},
2092
"effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833": {
2093
"type": "String",
2094
"metadata": {
2095
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2096
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2097
},
2098
"allowedValues": [
2099
"AuditIfNotExists",
@@ -2103,9 +2103,9 @@
2103
},
2104
"effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
2105
"type": "String",
2106
"metadata": {
2107
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2108
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2109
},
2110
"allowedValues": [
2111
"Audit",
@@ -2116,9 +2116,9 @@
2116
},
2117
"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c": {
2118
"type": "String",
2119
"metadata": {
2120
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2121
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2122
},
2123
"allowedValues": [
2124
"AuditIfNotExists",
@@ -2128,9 +2128,9 @@
2128
},
2129
"effect-d38fc420-0735-4ef3-ac11-c806f651a570": {
2130
"type": "String",
2131
"metadata": {
2132
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2133
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2134
},
2135
"allowedValues": [
2136
"AuditIfNotExists",
@@ -2160,9 +2160,9 @@
2160
},
2161
"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0": {
2162
"type": "String",
2163
"metadata": {
2164
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2165
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2166
},
2167
"allowedValues": [
2168
"Audit",
@@ -2173,9 +2173,9 @@
2173
},
2174
"effect-c9299215-ae47-4f50-9c54-8a392f68a052": {
2175
"type": "String",
2176
"metadata": {
2177
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2178
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2179
},
2180
"allowedValues": [
2181
"Audit",
@@ -2186,9 +2186,9 @@
2186
},
2187
"effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4": {
2188
"type": "String",
2189
"metadata": {
2190
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2191
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2192
},
2193
"allowedValues": [
2194
"Audit",
@@ -2198,9 +2198,9 @@
2198
},
2199
"effect-f1776c76-f58c-4245-a8d0-2b207198dc8b": {
2200
"type": "String",
2201
"metadata": {
2202
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2203
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2204
},
2205
"allowedValues": [
2206
"AuditIfNotExists",
@@ -2217,9 +2217,9 @@
2217
},
2218
"effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0": {
2219
"type": "String",
2220
"metadata": {
2221
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2222
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2223
},
2224
"allowedValues": [
2225
"Audit",
@@ -2229,9 +2229,9 @@
2229
},
2230
"effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b": {
2231
"type": "String",
2232
"metadata": {
2233
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2234
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2235
},
2236
"allowedValues": [
2237
"Audit",
@@ -2260,9 +2260,9 @@
2260
},
2261
"effect-7698e800-9299-47a6-b3b6-5a0fee576eed": {
2262
"type": "String",
2263
"metadata": {
2264
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2265
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2266
},
2267
"allowedValues": [
2268
"Audit",
@@ -2272,9 +2272,9 @@
2272
},
2273
"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": {
2274
"type": "String",
2275
"metadata": {
2276
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2277
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2278
},
2279
"allowedValues": [
2280
"AuditIfNotExists",
@@ -2284,9 +2284,9 @@
2284
},
2285
"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
2286
"type": "String",
2287
"metadata": {
2288
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2289
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2290
},
2291
"allowedValues": [
2292
"AuditIfNotExists",
@@ -2304,9 +2304,9 @@
2304
},
2305
"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d": {
2306
"type": "String",
2307
"metadata": {
2308
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2309
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2310
},
2311
"allowedValues": [
2312
"Audit",
@@ -2317,9 +2317,9 @@
2317
},
2318
"effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e": {
2319
"type": "String",
2320
"metadata": {
2321
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2322
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2323
},
2324
"allowedValues": [
2325
"AuditIfNotExists",
@@ -2329,9 +2329,9 @@
2329
},
2330
"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1": {
2331
"type": "String",
2332
"metadata": {
2333
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2334
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2335
},
2336
"allowedValues": [
2337
"Audit",
@@ -2342,9 +2342,9 @@
2342
},
2343
"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5": {
2344
"type": "String",
2345
"metadata": {
2346
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2347
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2348
},
2349
"allowedValues": [
2350
"AuditIfNotExists",
@@ -2354,9 +2354,9 @@
2354
},
2355
"effect-c39ba22d-4428-4149-b981-70acb31fc383": {
2356
"type": "String",
2357
"metadata": {
2358
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2359
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2360
},
2361
"allowedValues": [
2362
"Audit",
@@ -2367,9 +2367,9 @@
2367
},
2368
"effect-617c02be-7f02-4efd-8836-3180d47b6c68": {
2369
"type": "String",
2370
"metadata": {
2371
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2372
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2373
},
2374
"allowedValues": [
2375
"Audit",
@@ -2380,9 +2380,9 @@
2380
},
2381
"effect-e345b6c3-24bd-4c93-9bbb-7e5e49a17b78": {
2382
"type": "String",
2383
"metadata": {
2384
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2385
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2386
},
2387
"allowedValues": [
2388
"Audit",
@@ -2392,9 +2392,9 @@
2392
},
2393
"effect-58440f8a-10c5-4151-bdce-dfbaad4a20b7": {
2394
"type": "String",
2395
"metadata": {
2396
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2397
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2398
},
2399
"allowedValues": [
2400
"Audit",
@@ -2433,9 +2433,9 @@
2433
},
2434
"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f": {
2435
"type": "String",
2436
"metadata": {
2437
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2438
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2439
},
2440
"allowedValues": [
2441
"Audit",
@@ -2446,9 +2446,9 @@
2446
},
2447
"effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": {
2448
"type": "String",
2449
"metadata": {
2450
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2451
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2452
},
2453
"allowedValues": [
2454
"AuditIfNotExists",
@@ -2458,9 +2458,9 @@
2458
},
2459
"effect-04c4380f-3fae-46e8-96c9-30193528f602": {
2460
"type": "String",
2461
"metadata": {
2462
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2463
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2464
},
2465
"allowedValues": [
2466
"AuditIfNotExists",
@@ -2470,9 +2470,9 @@
2470
},
2471
"effect-ca610c1d-041c-4332-9d88-7ed3094967c7": {
2472
"type": "String",
2473
"metadata": {
2474
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2475
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2476
},
2477
"allowedValues": [
2478
"AuditIfNotExists",
@@ -2482,9 +2482,9 @@
2482
},
2483
"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
2484
"type": "String",
2485
"metadata": {
2486
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2487
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2488
},
2489
"allowedValues": [
2490
"AuditIfNotExists",
@@ -2505,9 +2505,9 @@
2505
},
2506
"effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3": {
2507
"type": "String",
2508
"metadata": {
2509
- "displayName": "Effect for policy: Anactivity log alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2510
"description": "For more information about effects, visit https://aka.ms/policyeffects"
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2562
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2563
},
2564
"allowedValues": [
2565
"AuditIfNotExists",
@@ -2569,9 +2573,9 @@
2569
},
2570
"effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09": {
2571
"type": "String",
2572
"metadata": {
2573
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2574
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2575
},
2576
"allowedValues": [
2577
"AuditIfNotExists",
@@ -2634,9 +2638,9 @@
2634
},
2635
"effect-f2143251-70de-4e81-87a8-36cee5a2f29d": {
2636
"type": "String",
2637
"metadata": {
2638
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2639
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2640
},
2641
"allowedValues": [
2642
"AuditIfNotExists",
@@ -2646,9 +2650,9 @@
2646
},
2647
"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
2648
"type": "String",
2649
"metadata": {
2650
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2651
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2652
},
2653
"allowedValues": [
2654
"AuditIfNotExists",
@@ -2666,9 +2670,9 @@
2666
},
2667
"effect-82339799-d096-41ae-8538-b108becf0970": {
2668
"type": "String",
2669
"metadata": {
2670
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2671
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2672
},
2673
"allowedValues": [
2674
"Audit",
@@ -2678,9 +2682,9 @@
2678
},
2679
"effect-146412e9-005c-472b-9e48-c87b72ac229e": {
2680
"type": "String",
2681
"metadata": {
2682
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2683
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2684
},
2685
"allowedValues": [
2686
"AuditIfNotExists",
@@ -2712,9 +2716,9 @@
2712
},
2713
"effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b": {
2714
"type": "String",
2715
"metadata": {
2716
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2717
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2718
},
2719
"allowedValues": [
2720
"AuditIfNotExists",
@@ -2737,9 +2741,9 @@
2737
},
2738
"effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc": {
2739
"type": "String",
2740
"metadata": {
2741
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2742
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2743
},
2744
"allowedValues": [
2745
"AuditIfNotExists",
@@ -2749,9 +2753,9 @@
2749
},
2750
"effect-eb907f70-7514-460d-92b3-a5ae93b4f917": {
2751
"type": "String",
2752
"metadata": {
2753
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2754
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2755
},
2756
"allowedValues": [
2757
"Audit",
@@ -2761,9 +2765,9 @@
2761
},
2762
"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": {
2763
"type": "String",
2764
"metadata": {
2765
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2766
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2767
},
2768
"allowedValues": [
2769
"AuditIfNotExists",
@@ -2773,9 +2777,9 @@
2773
},
2774
"effect-a1ad735a-e96f-45d2-a7b2-9a4932cab7ec": {
2775
"type": "String",
2776
"metadata": {
2777
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2778
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2779
},
2780
"allowedValues": [
2781
"Audit",
@@ -2785,9 +2789,9 @@
2785
},
2786
"effect-32e6bbec-16b6-44c2-be37-c5b672d103cf": {
2787
"type": "String",
2788
"metadata": {
2789
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2790
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2791
},
2792
"allowedValues": [
2793
"Audit",
@@ -2798,9 +2802,9 @@
2798
},
2799
"effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9": {
2800
"type": "String",
2801
"metadata": {
2802
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2803
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2804
},
2805
"allowedValues": [
2806
"Audit",
@@ -2811,9 +2815,9 @@
2811
},
2812
"effect-34f95f76-5386-4de7-b824-0d8478470c9d": {
2813
"type": "String",
2814
"metadata": {
2815
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2816
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2817
},
2818
"allowedValues": [
2819
"AuditIfNotExists",
@@ -2831,9 +2835,9 @@
2831
},
2832
"effect-8ac833bd-f505-48d5-887e-c993a1d3eea0": {
2833
"type": "String",
2834
"metadata": {
2835
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2836
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2837
},
2838
"allowedValues": [
2839
"AuditIfNotExists",
@@ -2843,9 +2847,9 @@
2843
},
2844
"effect-1ee56206-5dd1-42ab-b02d-8aae8b1634ce": {
2845
"type": "String",
2846
"metadata": {
2847
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2848
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2849
},
2850
"allowedValues": [
2851
"Audit",
@@ -2855,9 +2859,9 @@
2855
},
2856
"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
2857
"type": "String",
2858
"metadata": {
2859
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2860
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2861
},
2862
"allowedValues": [
2863
"AuditIfNotExists",
@@ -2878,9 +2882,9 @@
2878
},
2879
"effect-48af4db5-9b8b-401c-8e74-076be876a430": {
2880
"type": "String",
2881
"metadata": {
2882
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2883
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2884
},
2885
"allowedValues": [
2886
"Audit",
@@ -2890,9 +2894,9 @@
2890
},
2891
"effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2": {
2892
"type": "String",
2893
"metadata": {
2894
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2895
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2896
},
2897
"allowedValues": [
2898
"Audit",
@@ -2903,9 +2907,9 @@
2903
},
2904
"effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2": {
2905
"type": "String",
2906
"metadata": {
2907
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2908
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2909
},
2910
"allowedValues": [
2911
"Deny",
@@ -2916,9 +2920,9 @@
2916
},
2917
"effect-7926a6d1-b268-4586-8197-e8ae90c877d7": {
2918
"type": "String",
2919
"metadata": {
2920
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2921
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2922
},
2923
"allowedValues": [
2924
"AuditIfNotExists",
@@ -2928,9 +2932,9 @@
2928
},
2929
"effect-399b2637-a50f-4f95-96f8-3a145476eb15": {
2930
"type": "String",
2931
"metadata": {
2932
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2933
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2934
},
2935
"allowedValues": [
2936
"AuditIfNotExists",
@@ -2952,9 +2956,9 @@
2952
},
2953
"effect-82067dbb-e53b-4e06-b631-546d197452d9": {
2954
"type": "String",
2955
"metadata": {
2956
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2957
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2958
},
2959
"allowedValues": [
2960
"Audit",
@@ -2965,9 +2969,9 @@
2965
},
2966
"effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5": {
2967
"type": "String",
2968
"metadata": {
2969
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2970
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2971
},
2972
"allowedValues": [
2973
"Audit",
@@ -2978,9 +2982,9 @@
2978
},
2979
"effect-a8793640-60f7-487c-b5c3-1d37215905c4": {
2980
"type": "String",
2981
"metadata": {
2982
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2983
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2984
},
2985
"allowedValues": [
2986
"Audit",
@@ -2990,9 +2994,9 @@
2990
},
2991
"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9": {
2992
"type": "String",
2993
"metadata": {
2994
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2995
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2996
},
2997
"allowedValues": [
2998
"AuditIfNotExists",
@@ -3029,9 +3033,9 @@
3029
},
3030
"effect-58383b73-94a9-4414-b382-4146eb02611b": {
3031
"type": "String",
3032
"metadata": {
3033
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3034
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3035
},
3036
"allowedValues": [
3037
"AuditIfNotExists",
@@ -3059,9 +3063,9 @@
3059
},
3060
"effect-32133ab0-ee4b-4b44-98d6-042180979d50": {
3061
"type": "String",
3062
"metadata": {
3063
- "displayName": "[Deprecated]: Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3064
"description": "For more information about effects, visit https://aka.ms/policyeffects",
3065
"deprecated": true
3066
},
3067
"allowedValues": [
@@ -3072,9 +3076,9 @@
3072
},
3073
"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71": {
3074
"type": "String",
3075
"metadata": {
3076
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3077
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3078
},
3079
"allowedValues": [
3080
"Audit",
@@ -3085,9 +3089,9 @@
3085
},
3086
"effect-0a370ff3-6cab-4e85-8995-295fd854c5b8": {
3087
"type": "String",
3088
"metadata": {
3089
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3090
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3091
},
3092
"allowedValues": [
3093
"Audit",
@@ -3111,9 +3115,9 @@
3111
},
3112
"effect-caf2d518-f029-4f6b-833b-d7081702f253": {
3113
"type": "String",
3114
"metadata": {
3115
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3116
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3117
},
3118
"allowedValues": [
3119
"AuditIfNotExists",
@@ -3123,9 +3127,9 @@
3123
},
3124
"effect-0b15565f-aa9e-48ba-8619-45960f2c314d": {
3125
"type": "String",
3126
"metadata": {
3127
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3128
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3129
},
3130
"allowedValues": [
3131
"AuditIfNotExists",
@@ -3135,9 +3139,9 @@
3135
},
3136
"effect-d63edb4a-c612-454d-b47d-191a724fcbf0": {
3137
"type": "String",
3138
"metadata": {
3139
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3140
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3141
},
3142
"allowedValues": [
3143
"AuditIfNotExists",
@@ -3147,9 +3151,9 @@
3147
},
3148
"effect-9dfea752-dd46-4766-aed1-c355fa93fb91": {
3149
"type": "String",
3150
"metadata": {
3151
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3152
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3153
},
3154
"allowedValues": [
3155
"Audit",
@@ -3160,9 +3164,9 @@
3160
},
3161
"effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f": {
3162
"type": "String",
3163
"metadata": {
3164
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3165
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3166
},
3167
"allowedValues": [
3168
"AuditIfNotExists",
@@ -3192,9 +3196,9 @@
3192
},
3193
"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a": {
3194
"type": "String",
3195
"metadata": {
3196
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3197
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3198
},
3199
"allowedValues": [
3200
"Audit",
@@ -3205,9 +3209,9 @@
3205
},
3206
"effect-9b597639-28e4-48eb-b506-56b05d366257": {
3207
"type": "String",
3208
"metadata": {
3209
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3210
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3211
},
3212
"allowedValues": [
3213
"AuditIfNotExists",
@@ -3217,9 +3221,9 @@
3217
},
3218
"effect-438c38d2-3772-465a-a9cc-7a6666a275ce": {
3219
"type": "String",
3220
"metadata": {
3221
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3222
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3223
},
3224
"allowedValues": [
3225
"Audit",
@@ -3230,9 +3234,9 @@
3230
},
3231
"effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": {
3232
"type": "String",
3233
"metadata": {
3234
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3235
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3236
},
3237
"allowedValues": [
3238
"AuditIfNotExists",
@@ -3242,9 +3246,9 @@
3242
},
3243
"effect-a21f8c92-9e22-4f09-b759-50500d1d2dda": {
3244
"type": "String",
3245
"metadata": {
3246
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3247
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3248
},
3249
"allowedValues": [
3250
"AuditIfNotExists",
@@ -3254,9 +3258,9 @@
3254
},
3255
"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077": {
3256
"type": "String",
3257
"metadata": {
3258
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3259
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3260
},
3261
"allowedValues": [
3262
"Audit",
@@ -3267,9 +3271,9 @@
3267
},
3268
"effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e": {
3269
"type": "String",
3270
"metadata": {
3271
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3272
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3273
},
3274
"allowedValues": [
3275
"AuditIfNotExists",
@@ -3279,9 +3283,9 @@
3279
},
3280
"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f": {
3281
"type": "String",
3282
"metadata": {
3283
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3284
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3285
},
3286
"allowedValues": [
3287
"Audit",
@@ -3292,9 +3296,9 @@
3292
},
3293
"effect-13a6c84f-49a5-410a-b5df-5b880c3fe009": {
3294
"type": "String",
3295
"metadata": {
3296
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3297
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3298
},
3299
"allowedValues": [
3300
"AuditIfNotExists",
@@ -3304,9 +3308,9 @@
3304
},
3305
"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
3306
"type": "String",
3307
"metadata": {
3308
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3309
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3310
},
3311
"allowedValues": [
3312
"AuditIfNotExists",
@@ -3332,9 +3336,9 @@
3332
},
3333
"effect-d31e5c31-63b2-4f12-887b-e49456834fa1": {
3334
"type": "String",
3335
"metadata": {
3336
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3337
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3338
},
3339
"allowedValues": [
3340
"AuditIfNotExists",
@@ -3344,9 +3348,9 @@
3344
},
3345
"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811": {
3346
"type": "String",
3347
"metadata": {
3348
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3349
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3350
},
3351
"allowedValues": [
3352
"Audit",
@@ -3357,9 +3361,9 @@
3357
},
3358
"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580": {
3359
"type": "String",
3360
"metadata": {
3361
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3362
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3363
},
3364
"allowedValues": [
3365
"Audit",
@@ -3370,9 +3374,9 @@
3370
},
3371
"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": {
3372
"type": "String",
3373
"metadata": {
3374
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3375
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3376
},
3377
"allowedValues": [
3378
"Audit",
@@ -3382,9 +3386,9 @@
3382
},
3383
"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735": {
3384
"type": "String",
3385
"metadata": {
3386
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3387
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3388
},
3389
"allowedValues": [
3390
"Audit",
@@ -3395,9 +3399,9 @@
3395
},
3396
"effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
3397
"type": "String",
3398
"metadata": {
3399
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3400
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3401
},
3402
"allowedValues": [
3403
"AuditIfNotExists",
@@ -3407,9 +3411,9 @@
3407
},
3408
"effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4": {
3409
"type": "String",
3410
"metadata": {
3411
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3412
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3413
},
3414
"allowedValues": [
3415
"AuditIfNotExists",
@@ -3419,9 +3423,9 @@
3419
},
3420
"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c": {
3421
"type": "String",
3422
"metadata": {
3423
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3424
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3425
},
3426
"allowedValues": [
3427
"Audit",
@@ -3432,9 +3436,9 @@
3432
},
3433
"effect-12430be1-6cc8-4527-a9a8-e3d38f250096": {
3434
"type": "String",
3435
"metadata": {
3436
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3437
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3438
},
3439
"allowedValues": [
3440
"Audit",
@@ -3457,9 +3461,9 @@
3457
},
3458
"effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835": {
3459
"type": "String",
3460
"metadata": {
3461
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3462
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3463
},
3464
"allowedValues": [
3465
"AuditIfNotExists",
@@ -3469,9 +3473,9 @@
3469
},
3470
"effect-549814b6-3212-4203-bdc8-1548d342fb67": {
3471
"type": "String",
3472
"metadata": {
3473
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3474
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3475
},
3476
"allowedValues": [
3477
"Audit",
@@ -3482,9 +3486,9 @@
3482
},
3483
"effect-1c06e275-d63d-4540-b761-71f364c2111d": {
3484
"type": "String",
3485
"metadata": {
3486
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3487
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3488
},
3489
"allowedValues": [
3490
"AuditIfNotExists",
@@ -3501,9 +3505,9 @@
3501
},
3502
"effect-d8cf8476-a2ec-4916-896e-992351803c44": {
3503
"type": "String",
3504
"metadata": {
3505
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3506
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3507
},
3508
"allowedValues": [
3509
"Audit",
@@ -3513,9 +3517,9 @@
3513
},
3514
"effect-245fc9df-fa96-4414-9a0b-3738c2f7341c": {
3515
"type": "String",
3516
"metadata": {
3517
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3518
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3519
},
3520
"allowedValues": [
3521
"AuditIfNotExists",
@@ -3533,9 +3537,9 @@
3533
},
3534
"effect-bf045164-79ba-4215-8f95-f8048dc1780b": {
3535
"type": "String",
3536
"metadata": {
3537
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3538
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3539
},
3540
"allowedValues": [
3541
"Audit",
@@ -3545,9 +3549,9 @@
3545
},
3546
"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8": {
3547
"type": "String",
3548
"metadata": {
3549
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3550
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3551
},
3552
"allowedValues": [
3553
"Audit",
@@ -3558,9 +3562,9 @@
3558
},
3559
"effect-af99038c-02fd-4a2f-ac24-386b62bf32de": {
3560
"type": "String",
3561
"metadata": {
3562
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3563
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3564
},
3565
"allowedValues": [
3566
"AuditIfNotExists",
@@ -3570,9 +3574,9 @@
3570
},
3571
"effect-22730e10-96f6-4aac-ad84-9383d35b5917": {
3572
"type": "String",
3573
"metadata": {
3574
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3575
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3576
},
3577
"allowedValues": [
3578
"AuditIfNotExists",
@@ -3582,9 +3586,9 @@
3582
},
3583
"effect-4b90e17e-8448-49db-875e-bd83fb6f804f": {
3584
"type": "String",
3585
"metadata": {
3586
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3587
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3588
},
3589
"allowedValues": [
3590
"Audit",
@@ -3594,9 +3598,9 @@
3594
},
3595
"effect-044985bb-afe1-42cd-8a36-9d5d42424537": {
3596
"type": "String",
3597
"metadata": {
3598
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3599
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3600
},
3601
"allowedValues": [
3602
"Audit",
@@ -3607,9 +3611,9 @@
3607
},
3608
"effect-ea4d6841-2173-4317-9747-ff522a45120f": {
3609
"type": "String",
3610
"metadata": {
3611
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3612
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3613
},
3614
"allowedValues": [
3615
"Audit",
@@ -3619,9 +3623,9 @@
3619
},
3620
"effect-9830b652-8523-49cc-b1b3-e17dce1127ca": {
3621
"type": "String",
3622
"metadata": {
3623
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3624
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3625
},
3626
"allowedValues": [
3627
"Audit",
@@ -3631,9 +3635,9 @@
3631
},
3632
"effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf": {
3633
"type": "String",
3634
"metadata": {
3635
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3636
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3637
},
3638
"allowedValues": [
3639
"AuditIfNotExists",
@@ -3643,9 +3647,9 @@
3643
},
3644
"effect-abda6d70-9778-44e7-84a8-06713e6db027": {
3645
"type": "String",
3646
"metadata": {
3647
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3648
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3649
},
3650
"allowedValues": [
3651
"Audit",
@@ -3656,9 +3660,9 @@
3656
},
3657
"effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff": {
3658
"type": "String",
3659
"metadata": {
3660
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3661
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3662
},
3663
"allowedValues": [
3664
"AuditIfNotExists",
@@ -3668,9 +3672,9 @@
3668
},
3669
"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": {
3670
"type": "String",
3671
"metadata": {
3672
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3673
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3674
},
3675
"allowedValues": [
3676
"AuditIfNotExists",
@@ -3680,9 +3684,9 @@
3680
},
3681
"effect-f39f5f49-4abf-44de-8c70-0756997bfb51": {
3682
"type": "String",
3683
"metadata": {
3684
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3685
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3686
},
3687
"allowedValues": [
3688
"AuditIfNotExists",
@@ -3710,9 +3714,9 @@
3710
},
3711
"effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
3712
"type": "String",
3713
"metadata": {
3714
- "displayName": "[Deprecated]: Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3715
"description": "For more information about effects, visit https://aka.ms/policyeffects",
3716
"deprecated": true
3717
},
3718
"allowedValues": [
@@ -3743,9 +3747,9 @@
3743
},
3744
"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
3745
"type": "String",
3746
"metadata": {
3747
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3748
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3749
},
3750
"allowedValues": [
3751
"AuditIfNotExists",
@@ -3755,9 +3759,9 @@
3755
},
3756
"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": {
3757
"type": "String",
3758
"metadata": {
3759
- "displayName": "[Deprecated]: Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3760
"description": "For more information about effects, visit https://aka.ms/policyeffects",
3761
"deprecated": true
3762
},
3763
"allowedValues": [
@@ -3768,9 +3772,9 @@
3768
},
3769
"effect-0564d078-92f5-4f97-8398-b9f58a51f70b": {
3770
"type": "String",
3771
"metadata": {
3772
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3773
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3774
},
3775
"allowedValues": [
3776
"AuditIfNotExists",
@@ -3780,9 +3784,9 @@
3780
},
3781
"effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957": {
3782
"type": "String",
3783
"metadata": {
3784
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3785
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3786
},
3787
"allowedValues": [
3788
"AuditIfNotExists",
@@ -3792,9 +3796,9 @@
3792
},
3793
"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
3794
"type": "String",
3795
"metadata": {
3796
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3797
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3798
},
3799
"allowedValues": [
3800
"AuditIfNotExists",
@@ -3812,9 +3816,9 @@
3812
},
3813
"effect-6fac406b-40ca-413b-bf8e-0bf964659c25": {
3814
"type": "String",
3815
"metadata": {
3816
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3817
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3818
},
3819
"allowedValues": [
3820
"Audit",
@@ -3824,9 +3828,9 @@
3824
},
3825
"effect-0a1302fb-a631-4106-9753-f3d494733990": {
3826
"type": "String",
3827
"metadata": {
3828
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3829
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3830
},
3831
"allowedValues": [
3832
"AuditIfNotExists",
@@ -3836,9 +3840,9 @@
3836
},
3837
"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab": {
3838
"type": "String",
3839
"metadata": {
3840
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3841
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3842
},
3843
"allowedValues": [
3844
"Audit",
@@ -3849,9 +3853,9 @@
3849
},
3850
"effect-b954148f-4c11-4c38-8221-be76711e194a": {
3851
"type": "String",
3852
"metadata": {
3853
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3854
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3855
},
3856
"allowedValues": [
3857
"AuditIfNotExists",
@@ -3880,9 +3884,9 @@
3880
},
3881
"effect-0fea8f8a-4169-495d-8307-30ec335f387d": {
3882
"type": "String",
3883
"metadata": {
3884
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3885
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3886
},
3887
"allowedValues": [
3888
"Audit",
@@ -3892,9 +3896,9 @@
3892
},
3893
"effect-6edd7eda-6dd8-40f7-810d-67160c639cd9": {
3894
"type": "String",
3895
"metadata": {
3896
- "displayName": "Effect for policy: Anactivitylog alert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3897
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3898
},
3899
"allowedValues": [
3900
"AuditIfNotExists",
@@ -3916,9 +3920,9 @@
3916
},
3917
"effect-bfecdea6-31c4-4045-ad42-71b9dc87247d": {
3918
"type": "String",
3919
"metadata": {
3920
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3921
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3922
},
3923
"allowedValues": [
3924
"Audit",
@@ -3929,9 +3933,9 @@
3929
},
3930
"effect-7595c971-233d-4bcf-bd18-596129188c49": {
3931
"type": "String",
3932
"metadata": {
3933
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3934
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3935
},
3936
"allowedValues": [
3937
"AuditIfNotExists",
@@ -3941,9 +3945,9 @@
3941
},
3942
"effect-19dd1db6-f442-49cf-a838-b0786b4401ef": {
3943
"type": "String",
3944
"metadata": {
3945
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3946
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3947
},
3948
"allowedValues": [
3949
"AuditIfNotExists",
@@ -3953,9 +3957,9 @@
3953
},
3954
"effect-d9844e8a-1437-4aeb-a32c-0c992f056095": {
3955
"type": "String",
3956
"metadata": {
3957
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3958
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3959
},
3960
"allowedValues": [
3961
"Audit",
@@ -3966,9 +3970,9 @@
3966
},
3967
"effect-72d11df1-dd8a-41f7-8925-b05b960ebafc": {
3968
"type": "String",
3969
"metadata": {
3970
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3971
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3972
},
3973
"allowedValues": [
3974
"Audit",
@@ -3978,9 +3982,9 @@
3978
},
3979
"effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9": {
3980
"type": "String",
3981
"metadata": {
3982
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3983
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3984
},
3985
"allowedValues": [
3986
"Audit",
@@ -4011,9 +4015,9 @@
4011
},
4012
"effect-ee984370-154a-4ee8-9726-19d900e56fc0": {
4013
"type": "String",
4014
"metadata": {
4015
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4016
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4017
},
4018
"allowedValues": [
4019
"AuditIfNotExists",
@@ -4023,9 +4027,9 @@
4023
},
4024
"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9": {
4025
"type": "String",
4026
"metadata": {
4027
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4028
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4029
},
4030
"allowedValues": [
4031
"AuditIfNotExists",
@@ -4035,9 +4039,9 @@
4035
},
4036
"effect-1f90fc71-a595-4066-8974-d4d0802e8ef0": {
4037
"type": "String",
4038
"metadata": {
4039
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4040
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4041
},
4042
"allowedValues": [
4043
"AuditIfNotExists",
@@ -4047,9 +4051,9 @@
4047
},
4048
"effect-f85bf3e0-d513-442e-89c3-1784ad63382b": {
4049
"type": "String",
4050
"metadata": {
4051
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4052
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4053
},
4054
"allowedValues": [
4055
"AuditIfNotExists",
@@ -4059,9 +4063,9 @@
4059
},
4060
"effect-78215662-041e-49ed-a9dd-5385911b3a1f": {
4061
"type": "String",
4062
"metadata": {
4063
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4064
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4065
},
4066
"allowedValues": [
4067
"Audit",
@@ -4085,9 +4089,9 @@
4085
},
4086
"effect-da0f98fe-a24b-4ad5-af69-bd0400233661": {
4087
"type": "String",
4088
"metadata": {
4089
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4090
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4091
},
4092
"allowedValues": [
4093
"AuditIfNotExists",
@@ -4097,9 +4101,9 @@
4097
},
4098
"effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd": {
4099
"type": "String",
4100
"metadata": {
4101
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4102
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4103
},
4104
"allowedValues": [
4105
"AuditIfNotExists",
@@ -4122,9 +4126,9 @@
4122
},
4123
"effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38": {
4124
"type": "String",
4125
"metadata": {
4126
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4127
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4128
},
4129
"allowedValues": [
4130
"AuditIfNotExists",
@@ -4134,9 +4138,9 @@
4134
},
4135
"effect-d550e854-df1a-4de9-bf44-cd894b39a95e": {
4136
"type": "String",
4137
"metadata": {
4138
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4139
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4140
},
4141
"allowedValues": [
4142
"Audit",
@@ -4147,9 +4151,9 @@
4147
},
4148
"effect-1dc2fc00-2245-4143-99f4-874c937f13ef": {
4149
"type": "String",
4150
"metadata": {
4151
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4152
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4153
},
4154
"allowedValues": [
4155
"Audit",
@@ -4160,9 +4164,9 @@
4160
},
4161
"effect-051cba44-2429-45b9-9649-46cec11c7119": {
4162
"type": "String",
4163
"metadata": {
4164
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4165
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4166
},
4167
"allowedValues": [
4168
"Audit",
@@ -4172,9 +4176,9 @@
4172
},
4173
"effect-672fe5a1-2fcd-42d7-b85d-902b6e28c6ff": {
4174
"type": "String",
4175
"metadata": {
4176
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4177
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4178
},
4179
"allowedValues": [
4180
"AuditIfNotExists",
@@ -4184,9 +4188,9 @@
4184
},
4185
"effect-e71308d3-144b-4262-b144-efdc3cc90517": {
4186
"type": "String",
4187
"metadata": {
4188
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4189
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4190
},
4191
"allowedValues": [
4192
"AuditIfNotExists",
@@ -4196,9 +4200,9 @@
4196
},
4197
"effect-41425d9f-d1a5-499a-9932-f8ed8453932c": {
4198
"type": "String",
4199
"metadata": {
4200
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4201
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4202
},
4203
"allowedValues": [
4204
"Audit",
@@ -4229,9 +4233,9 @@
4229
},
4230
"effect-5d4e3c65-4873-47be-94f3-6f8b953a3598": {
4231
"type": "String",
4232
"metadata": {
4233
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4234
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4235
},
4236
"allowedValues": [
4237
"Audit",
@@ -4242,9 +4246,9 @@
4242
},
4243
"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a": {
4244
"type": "String",
4245
"metadata": {
4246
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4247
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4248
},
4249
"allowedValues": [
4250
"Audit",
@@ -4255,9 +4259,9 @@
4255
},
4256
"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87": {
4257
"type": "String",
4258
"metadata": {
4259
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4260
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4261
},
4262
"allowedValues": [
4263
"Audit",
@@ -4268,9 +4272,9 @@
4268
},
4269
"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": {
4270
"type": "String",
4271
"metadata": {
4272
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4273
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4274
},
4275
"allowedValues": [
4276
"Audit",
@@ -4281,9 +4285,9 @@
4281
},
4282
"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": {
4283
"type": "String",
4284
"metadata": {
4285
- "displayName": "Effect for policy: An activitylogalert should exist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4286
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4287
},
4288
"allowedValues": [
4289
"AuditIfNotExists",
@@ -4293,9 +4297,9 @@
4293
},
4294
"effect-c3d20c29-b36d-48fe-808b-99a87530ad99": {
4295
"type": "String",
4296
"metadata": {
4297
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4298
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4299
},
4300
"allowedValues": [
4301
"AuditIfNotExists",
@@ -4305,9 +4309,9 @@
4305
},
4306
"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
4307
"type": "String",
4308
"metadata": {
4309
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4310
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4311
},
4312
"allowedValues": [
4313
"AuditIfNotExists",
@@ -4325,9 +4329,9 @@
4325
},
4326
"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
4327
"type": "String",
4328
"metadata": {
4329
- "displayName": "Effect for policy: Anactivitylogalert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4330
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4331
},
4332
"allowedValues": [
4333
"AuditIfNotExists",
@@ -4345,9 +4349,9 @@
4345
},
4346
"effect-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
4347
"type": "String",
4348
"metadata": {
4349
- "displayName": "Effect for policy: Anactivitylog alert should existfor specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4350
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4351
},
4352
"allowedValues": [
4353
"AuditIfNotExists",
@@ -4375,9 +4379,9 @@
4375
},
4376
"effect-013e242c-8828-4970-87b3-ab247555486d": {
4377
"type": "String",
4378
"metadata": {
4379
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4380
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4381
},
4382
"allowedValues": [
4383
"AuditIfNotExists",
@@ -4387,9 +4391,9 @@
4387
},
4388
"effect-6c53d030-cc64-46f0-906d-2bc061cd1334": {
4389
"type": "String",
4390
"metadata": {
4391
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4392
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4393
},
4394
"allowedValues": [
4395
"Audit",
@@ -4400,9 +4404,9 @@
4400
},
4401
"effect-8405fdab-1faf-48aa-b702-999c9c172094": {
4402
"type": "String",
4403
"metadata": {
4404
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4405
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4406
},
4407
"allowedValues": [
4408
"Audit",
@@ -4412,9 +4416,9 @@
4412
},
4413
"effect-fc5e4038-4584-4632-8c85-c0448d374b2c": {
4414
"type": "String",
4415
"metadata": {
4416
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4417
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4418
},
4419
"allowedValues": [
4420
"AuditIfNotExists",
@@ -4424,9 +4428,9 @@
4424
},
4425
"effect-2154edb9-244f-4741-9970-660785bccdaa": {
4426
"type": "String",
4427
"metadata": {
4428
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4429
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4430
},
4431
"allowedValues": [
4432
"Audit",
@@ -4449,9 +4453,9 @@
4449
},
4450
"effect-a6abeaec-4d90-4a02-805f-6b26c4d3fbe9": {
4451
"type": "String",
4452
"metadata": {
4453
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4454
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4455
},
4456
"allowedValues": [
4457
"Audit",
@@ -4462,9 +4466,9 @@
4462
},
4463
"effect-b5ec538c-daa0-4006-8596-35468b9148e8": {
4464
"type": "String",
4465
"metadata": {
4466
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4467
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4468
},
4469
"allowedValues": [
4470
"Audit",
@@ -4475,9 +4479,9 @@
4475
},
4476
"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3": {
4477
"type": "String",
4478
"metadata": {
4479
- "displayName": "Effect for policy: Anactivitylogalert should existforspecific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4480
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4481
},
4482
"allowedValues": [
4483
"Audit",
@@ -4488,9 +4492,9 @@
4488
},
4489
"effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7": {
4490
"type": "String",
4491
"metadata": {
4492
- "displayName": "Effect for policy: Anactivitylog alert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4493
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4494
},
4495
"allowedValues": [
4496
"Audit",
@@ -4501,9 +4505,9 @@
4501
},
4502
"effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d": {
4503
"type": "String",
4504
"metadata": {
4505
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4506
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4507
},
4508
"allowedValues": [
4509
"AuditIfNotExists",
@@ -4513,9 +4517,9 @@
4513
},
4514
"effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8": {
4515
"type": "String",
4516
"metadata": {
4517
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4518
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4519
},
4520
"allowedValues": [
4521
"Audit",
@@ -4548,9 +4552,9 @@
4548
},
4549
"effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2": {
4550
"type": "String",
4551
"metadata": {
4552
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4553
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4554
},
4555
"allowedValues": [
4556
"AuditIfNotExists",
@@ -4582,9 +4586,9 @@
4582
},
4583
"effect-237b38db-ca4d-4259-9e47-7882441ca2c0": {
4584
"type": "String",
4585
"metadata": {
4586
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4587
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4588
},
4589
"allowedValues": [
4590
"AuditIfNotExists",
@@ -4602,9 +4606,9 @@
4602
},
4603
"effect-0a075868-4c26-42ef-914c-5bc007359560": {
4604
"type": "String",
4605
"metadata": {
4606
- "displayName": "Effect for policy: Anactivity log alert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4607
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4608
},
4609
"allowedValues": [
4610
"Audit",
@@ -4615,9 +4619,9 @@
4615
},
4616
"effect-56fd377d-098c-4f02-8406-81eb055902b8": {
4617
"type": "String",
4618
"metadata": {
4619
- "displayName": "Effect for policy: AnactivitylogalertshouldexistforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4620
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4621
},
4622
"allowedValues": [
4623
"Audit",
@@ -4627,9 +4631,9 @@
4627
},
4628
"effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d": {
4629
"type": "String",
4630
"metadata": {
4631
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4632
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4633
},
4634
"allowedValues": [
4635
"AuditIfNotExists",
@@ -4655,9 +4659,9 @@
4655
},
4656
"effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
4657
"type": "String",
4658
"metadata": {
4659
- "displayName": "Effect for policy: Anactivitylogalertshouldexist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4660
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4661
},
4662
"allowedValues": [
4663
"AuditIfNotExists",
@@ -4667,9 +4671,9 @@
4667
},
4668
"effect-deeddb44-9f94-4903-9fa0-081d524406e3": {
4669
"type": "String",
4670
"metadata": {
4671
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4672
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4673
},
4674
"allowedValues": [
4675
"Audit",
@@ -4679,9 +4683,9 @@
4679
},
4680
"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": {
4681
"type": "String",
4682
"metadata": {
4683
- "displayName": "Effect for policy: Anactivitylogalert should exist for specificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4684
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4685
},
4686
"allowedValues": [
4687
"AuditIfNotExists",
@@ -4691,9 +4695,9 @@
4691
},
4692
"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": {
4693
"type": "String",
4694
"metadata": {
4695
- "displayName": "Effect for policy: Anactivitylogalert should existforspecificAdministrativeoperations(Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4696
"description": "For more information about effects, visit https://aka.ms/policyeffects"
"displayName": "EU General Data Protection Regulation (GDPR) 2016/679",
3
"description": "Comprehensive data protection law regulating personal data processing within the EU.",
4
"metadata": {
5
+ "version": "1.4.0",
6
"category": "Regulatory Compliance"
7
},
8
+ "version": "1.4.0",
9
"parameters": {
10
"effect-45e05259-1eb5-4f70-9574-baf73e9d219b": {
11
"type": "String",
12
"metadata": {
13
+ "displayName": "Effect for policy: Azure Machine Learning workspaces should use private link",
14
"description": "For more information about effects, visit https://aka.ms/policyeffects"
15
},
16
"allowedValues": [
17
"Audit",
21
},
22
"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa": {
23
"type": "String",
24
"metadata": {
25
+ "displayName": "Effect for policy: Azure Data Explorer encryption at rest should use a customer-managed key",
26
"description": "For more information about effects, visit https://aka.ms/policyeffects"
27
},
28
"allowedValues": [
29
"Audit",
34
},
35
"effect-f655e522-adff-494d-95c2-52d4f6d56a42": {
36
"type": "String",
37
"metadata": {
38
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Windows virtual machines scale sets",
39
"description": "For more information about effects, visit https://aka.ms/policyeffects"
40
},
41
"allowedValues": [
42
"AuditIfNotExists",
46
},
47
"effect-40e85574-ef33-47e8-a854-7a65c7500560": {
48
"type": "String",
49
"metadata": {
50
+ "displayName": "Effect for policy: Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled",
51
"description": "For more information about effects, visit https://aka.ms/policyeffects"
52
},
53
"allowedValues": [
54
"AuditIfNotExists",
58
},
59
"effect-fa298e57-9444-42ba-bf04-86e8470e32c7": {
60
"type": "String",
61
"metadata": {
62
+ "displayName": "Effect for policy: Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption",
63
"description": "For more information about effects, visit https://aka.ms/policyeffects"
64
},
65
"allowedValues": [
66
"Audit",
71
},
72
"effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0": {
73
"type": "String",
74
"metadata": {
75
+ "displayName": "Effect for policy: Service Fabric clusters should only use Azure Active Directory for client authentication",
76
"description": "For more information about effects, visit https://aka.ms/policyeffects"
77
},
78
"allowedValues": [
79
"Audit",
97
},
98
"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
99
"type": "String",
100
"metadata": {
101
+ "displayName": "Effect for policy: Audit Linux machines that allow remote connections from accounts without passwords",
102
"description": "For more information about effects, visit https://aka.ms/policyeffects"
103
},
104
"allowedValues": [
105
"AuditIfNotExists",
109
},
110
"effect-df39c015-56a4-45de-b4a3-efe77bed320d": {
111
"type": "String",
112
"metadata": {
113
+ "displayName": "Effect for policy: IoT Hub device provisioning service instances should use private link",
114
"description": "For more information about effects, visit https://aka.ms/policyeffects"
115
},
116
"allowedValues": [
117
"Audit",
121
},
122
"effect-3b980d31-7904-4bb7-8575-5665739a8052": {
123
"type": "String",
124
"metadata": {
125
+ "displayName": "Effect for policy: An activity log alert should exist for specific Security operations",
126
"description": "For more information about effects, visit https://aka.ms/policyeffects"
127
},
128
"allowedValues": [
129
"AuditIfNotExists",
145
},
146
"effect-c251913d-7d24-4958-af87-478ed3b9ba41": {
147
"type": "String",
148
"metadata": {
149
+ "displayName": "Effect for policy: Flow logs should be configured for every network security group",
150
"description": "For more information about effects, visit https://aka.ms/policyeffects"
151
},
152
"allowedValues": [
153
"Audit",
157
},
158
"effect-47031206-ce96-41f8-861b-6a915f3de284": {
159
"type": "String",
160
"metadata": {
161
+ "displayName": "Effect for policy: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK)",
162
"description": "For more information about effects, visit https://aka.ms/policyeffects"
163
},
164
"allowedValues": [
165
"Audit",
170
},
171
"effect-6b2122c1-8120-4ff5-801b-17625a355590": {
172
"type": "String",
173
"metadata": {
174
+ "displayName": "Effect for policy: Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed",
175
"description": "For more information about effects, visit https://aka.ms/policyeffects"
176
},
177
"allowedValues": [
178
"AuditIfNotExists",
182
},
183
"effect-2e94d99a-8a36-4563-bc77-810d8893b671": {
184
"type": "String",
185
"metadata": {
186
+ "displayName": "Effect for policy: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data",
187
"description": "For more information about effects, visit https://aka.ms/policyeffects"
188
},
189
"allowedValues": [
190
"Audit",
207
},
208
"effect-a1817ec0-a368-432a-8057-8371e17ac6ee": {
209
"type": "String",
210
"metadata": {
211
+ "displayName": "Effect for policy: All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace",
212
"description": "For more information about effects, visit https://aka.ms/policyeffects"
213
},
214
"allowedValues": [
215
"Audit",
220
},
221
"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
222
"type": "String",
223
"metadata": {
224
+ "displayName": "Effect for policy: Azure Defender for App Service should be enabled",
225
"description": "For more information about effects, visit https://aka.ms/policyeffects"
226
},
227
"allowedValues": [
228
"AuditIfNotExists",
232
},
233
"effect-0a15ec92-a229-4763-bb14-0ea34a568f8d": {
234
"type": "String",
235
"metadata": {
236
+ "displayName": "Effect for policy: Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters",
237
"description": "For more information about effects, visit https://aka.ms/policyeffects"
238
},
239
"allowedValues": [
240
"Audit",
244
},
245
"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": {
246
"type": "String",
247
"metadata": {
248
+ "displayName": "Effect for policy: Function apps should have remote debugging turned off",
249
"description": "For more information about effects, visit https://aka.ms/policyeffects"
250
},
251
"allowedValues": [
252
"AuditIfNotExists",
256
},
257
"effect-a2a5b911-5617-447e-a49e-59dbe0e0434b": {
258
"type": "String",
259
"metadata": {
260
+ "displayName": "Effect for policy: Resource logs in Azure Key Vault Managed HSM should be enabled",
261
"description": "For more information about effects, visit https://aka.ms/policyeffects"
262
},
263
"allowedValues": [
264
"AuditIfNotExists",
276
},
277
"effect-7804b5c7-01dc-4723-969b-ae300cc07ff1": {
278
"type": "String",
279
"metadata": {
280
+ "displayName": "Effect for policy: Azure Machine Learning Computes should be in a virtual network",
281
"description": "For more information about effects, visit https://aka.ms/policyeffects"
282
},
283
"allowedValues": [
284
"Audit",
288
},
289
"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": {
290
"type": "String",
291
"metadata": {
292
+ "displayName": "Effect for policy: Azure Web Application Firewall should be enabled for Azure Front Door entry-points",
293
"description": "For more information about effects, visit https://aka.ms/policyeffects"
294
},
295
"allowedValues": [
296
"Audit",
301
},
302
"effect-3e596b57-105f-48a6-be97-03e9243bad6e": {
303
"type": "String",
304
"metadata": {
305
+ "displayName": "Effect for policy: Azure Monitor solution 'Security and Audit' must be deployed",
306
"description": "For more information about effects, visit https://aka.ms/policyeffects"
307
},
308
"allowedValues": [
309
"AuditIfNotExists",
313
},
314
"effect-3dc5edcd-002d-444c-b216-e123bbfa37c0": {
315
"type": "String",
316
"metadata": {
317
+ "displayName": "Effect for policy: Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost.",
318
"description": "For more information about effects, visit https://aka.ms/policyeffects"
319
},
320
"allowedValues": [
321
"AuditIfNotExists",
325
},
326
"effect-8af8f826-edcb-4178-b35f-851ea6fea615": {
327
"type": "String",
328
"metadata": {
329
+ "displayName": "Effect for policy: Azure Container Instance container group should deploy into a virtual network",
330
"description": "For more information about effects, visit https://aka.ms/policyeffects"
331
},
332
"allowedValues": [
333
"Audit",
338
},
339
"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5": {
340
"type": "String",
341
"metadata": {
342
+ "displayName": "Effect for policy: Audit usage of custom RBAC roles",
343
"description": "For more information about effects, visit https://aka.ms/policyeffects"
344
},
345
"allowedValues": [
346
"Audit",
350
},
351
"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d": {
352
"type": "String",
353
"metadata": {
354
+ "displayName": "Effect for policy: Virtual machines should be migrated to new Azure Resource Manager resources",
355
"description": "For more information about effects, visit https://aka.ms/policyeffects"
356
},
357
"allowedValues": [
358
"Audit",
363
},
364
"effect-7ff426e2-515f-405a-91c8-4f2333442eb5": {
365
"type": "String",
366
"metadata": {
367
+ "displayName": "Effect for policy: SQL Auditing settings should have Action-Groups configured to capture critical activities",
368
"description": "For more information about effects, visit https://aka.ms/policyeffects"
369
},
370
"allowedValues": [
371
"AuditIfNotExists",
375
},
376
"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc": {
377
"type": "String",
378
"metadata": {
379
+ "displayName": "Effect for policy: Azure AI Services resources should have key access disabled (disable local authentication)",
380
"description": "For more information about effects, visit https://aka.ms/policyeffects"
381
},
382
"allowedValues": [
383
"Audit",
388
},
389
"effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4": {
390
"type": "String",
391
"metadata": {
392
+ "displayName": "Effect for policy: Container registries should use private link",
393
"description": "For more information about effects, visit https://aka.ms/policyeffects"
394
},
395
"allowedValues": [
396
"Audit",
400
},
401
"effect-98728c90-32c7-4049-8429-847dc0f4fe37": {
402
"type": "String",
403
"metadata": {
404
+ "displayName": "Effect for policy: Key Vault secrets should have an expiration date",
405
"description": "For more information about effects, visit https://aka.ms/policyeffects"
406
},
407
"allowedValues": [
408
"Audit",
413
},
414
"effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2": {
415
"type": "String",
416
"metadata": {
417
+ "displayName": "Effect for policy: Cosmos DB database accounts should have local authentication methods disabled",
418
"description": "For more information about effects, visit https://aka.ms/policyeffects"
419
},
420
"allowedValues": [
421
"Audit",
447
},
448
"effect-33936777-f2ac-45aa-82ec-07958ec9ade4": {
449
"type": "String",
450
"metadata": {
451
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Audit'",
452
"description": "For more information about effects, visit https://aka.ms/policyeffects"
453
},
454
"allowedValues": [
455
"AuditIfNotExists",
459
},
460
"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
461
"type": "String",
462
"metadata": {
463
+ "displayName": "Effect for policy: Resource logs in Event Hub should be enabled",
464
"description": "For more information about effects, visit https://aka.ms/policyeffects"
465
},
466
"allowedValues": [
467
"AuditIfNotExists",
479
},
480
"effect-f9d614c5-c173-4d56-95a7-b4437057d193": {
481
"type": "String",
482
"metadata": {
483
+ "displayName": "Effect for policy: Function apps should use the latest TLS version",
484
"description": "For more information about effects, visit https://aka.ms/policyeffects"
485
},
486
"allowedValues": [
487
"AuditIfNotExists",
491
},
492
"effect-3ac7c827-eea2-4bde-acc7-9568cd320efa": {
493
"type": "String",
494
"metadata": {
495
+ "displayName": "Effect for policy: Machines should have secret findings resolved",
496
"description": "For more information about effects, visit https://aka.ms/policyeffects"
497
},
498
"allowedValues": [
499
"AuditIfNotExists",
503
},
504
"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d": {
505
"type": "String",
506
"metadata": {
507
+ "displayName": "Effect for policy: Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK)",
508
"description": "For more information about effects, visit https://aka.ms/policyeffects"
509
},
510
"allowedValues": [
511
"Audit",
541
},
542
"effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b": {
543
"type": "String",
544
"metadata": {
545
+ "displayName": "Effect for policy: App Service apps should require FTPS only",
546
"description": "For more information about effects, visit https://aka.ms/policyeffects"
547
},
548
"allowedValues": [
549
"AuditIfNotExists",
553
},
554
"effect-18adea5e-f416-4d0f-8aa8-d24321e3e274": {
555
"type": "String",
556
"metadata": {
557
+ "displayName": "Effect for policy: PostgreSQL servers should use customer-managed keys to encrypt data at rest",
558
"description": "For more information about effects, visit https://aka.ms/policyeffects"
559
},
560
"allowedValues": [
561
"AuditIfNotExists",
565
},
566
"effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea": {
567
"type": "String",
568
"metadata": {
569
+ "displayName": "Effect for policy: Authorized IP ranges should be defined on Kubernetes Services",
570
"description": "For more information about effects, visit https://aka.ms/policyeffects"
571
},
572
"allowedValues": [
573
"Audit",
577
},
578
"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
579
"type": "String",
580
"metadata": {
581
+ "displayName": "Effect for policy: Key Vault keys should have an expiration date",
582
"description": "For more information about effects, visit https://aka.ms/policyeffects"
583
},
584
"allowedValues": [
585
"Audit",
590
},
591
"effect-0fdf0491-d080-4575-b627-ad0e843cba0f": {
592
"type": "String",
593
"metadata": {
594
+ "displayName": "Effect for policy: Public network access should be disabled for Container registries",
595
"description": "For more information about effects, visit https://aka.ms/policyeffects"
596
},
597
"allowedValues": [
598
"Audit",
603
},
604
"effect-a4af4a39-4135-47fb-b175-47fbdf85311d": {
605
"type": "String",
606
"metadata": {
607
+ "displayName": "Effect for policy: App Service apps should only be accessible over HTTPS",
608
"description": "For more information about effects, visit https://aka.ms/policyeffects"
609
},
610
"allowedValues": [
611
"Audit",
616
},
617
"effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6": {
618
"type": "String",
619
"metadata": {
620
+ "displayName": "Effect for policy: Resource logs in Azure Machine Learning Workspaces should be enabled",
621
"description": "For more information about effects, visit https://aka.ms/policyeffects"
622
},
623
"allowedValues": [
624
"AuditIfNotExists",
636
},
637
"effect-404c3081-a854-4457-ae30-26a93ef643f9": {
638
"type": "String",
639
"metadata": {
640
+ "displayName": "Effect for policy: Secure transfer to storage accounts should be enabled",
641
"description": "For more information about effects, visit https://aka.ms/policyeffects"
642
},
643
"allowedValues": [
644
"Audit",
649
},
650
"effect-f7d52b2d-e161-4dfa-a82b-55e564167385": {
651
"type": "String",
652
"metadata": {
653
+ "displayName": "Effect for policy: Azure Synapse workspaces should use customer-managed keys to encrypt data at rest",
654
"description": "For more information about effects, visit https://aka.ms/policyeffects"
655
},
656
"allowedValues": [
657
"Audit",
662
},
663
"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67": {
664
"type": "String",
665
"metadata": {
666
+ "displayName": "Effect for policy: Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys",
667
"description": "For more information about effects, visit https://aka.ms/policyeffects"
668
},
669
"allowedValues": [
670
"Audit",
675
},
676
"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
677
"type": "String",
678
"metadata": {
679
+ "displayName": "Effect for policy: Vulnerability assessment should be enabled on your SQL servers",
680
"description": "For more information about effects, visit https://aka.ms/policyeffects"
681
},
682
"allowedValues": [
683
"AuditIfNotExists",
687
},
688
"effect-295fc8b1-dc9f-4f53-9c61-3f313ceab40a": {
689
"type": "String",
690
"metadata": {
691
+ "displayName": "Effect for policy: Service Bus Premium namespaces should use a customer-managed key for encryption",
692
"description": "For more information about effects, visit https://aka.ms/policyeffects"
693
},
694
"allowedValues": [
695
"Audit",
699
},
700
"effect-0049a6b3-a662-4f3e-8635-39cf44ace45a": {
701
"type": "String",
702
"metadata": {
703
+ "displayName": "Effect for policy: Vulnerability assessment should be enabled on your Synapse workspaces",
704
"description": "For more information about effects, visit https://aka.ms/policyeffects"
705
},
706
"allowedValues": [
707
"AuditIfNotExists",
724
},
725
"effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
726
"type": "String",
727
"metadata": {
728
+ "displayName": "Effect for policy: Linux machines should meet requirements for the Azure compute security baseline",
729
"description": "For more information about effects, visit https://aka.ms/policyeffects"
730
},
731
"allowedValues": [
732
"AuditIfNotExists",
736
},
737
"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": {
738
"type": "String",
739
"metadata": {
740
+ "displayName": "Effect for policy: Enforce SSL connection should be enabled for MySQL database servers",
741
"description": "For more information about effects, visit https://aka.ms/policyeffects"
742
},
743
"allowedValues": [
744
"Audit",
748
},
749
"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": {
750
"type": "String",
751
"metadata": {
752
+ "displayName": "Effect for policy: Enforce SSL connection should be enabled for PostgreSQL database servers",
753
"description": "For more information about effects, visit https://aka.ms/policyeffects"
754
},
755
"allowedValues": [
756
"Audit",
773
},
774
"effect-87845465-c458-45f3-af66-dcd62176f397": {
775
"type": "String",
776
"metadata": {
777
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Privilege Use'",
778
"description": "For more information about effects, visit https://aka.ms/policyeffects"
779
},
780
"allowedValues": [
781
"AuditIfNotExists",
785
},
786
"effect-efbde977-ba53-4479-b8e9-10b957924fbf": {
787
"type": "String",
788
"metadata": {
789
+ "displayName": "Effect for policy: The Log Analytics extension should be installed on Virtual Machine Scale Sets",
790
"description": "For more information about effects, visit https://aka.ms/policyeffects"
791
},
792
"allowedValues": [
793
"AuditIfNotExists",
810
},
811
"effect-e6955644-301c-44b5-a4c4-528577de6861": {
812
"type": "String",
813
"metadata": {
814
+ "displayName": "Effect for policy: Audit Linux machines that do not have the passwd file permissions set to 0644",
815
"description": "For more information about effects, visit https://aka.ms/policyeffects"
816
},
817
"allowedValues": [
818
"AuditIfNotExists",
835
},
836
"effect-630c64f9-8b6b-4c64-b511-6544ceff6fd6": {
837
"type": "String",
838
"metadata": {
839
+ "displayName": "Effect for policy: Authentication to Linux machines should require SSH keys",
840
"description": "For more information about effects, visit https://aka.ms/policyeffects"
841
},
842
"allowedValues": [
843
"AuditIfNotExists",
872
},
873
"effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40": {
874
"type": "String",
875
"metadata": {
876
+ "displayName": "Effect for policy: Windows Defender Exploit Guard should be enabled on your machines",
877
"description": "For more information about effects, visit https://aka.ms/policyeffects"
878
},
879
"allowedValues": [
880
"AuditIfNotExists",
884
},
885
"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780": {
886
"type": "String",
887
"metadata": {
888
+ "displayName": "Effect for policy: Public network access on Azure SQL Database should be disabled",
889
"description": "For more information about effects, visit https://aka.ms/policyeffects"
890
},
891
"allowedValues": [
892
"Audit",
897
},
898
"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": {
899
"type": "String",
900
"metadata": {
901
+ "displayName": "Effect for policy: Function apps should use managed identity",
902
"description": "For more information about effects, visit https://aka.ms/policyeffects"
903
},
904
"allowedValues": [
905
"AuditIfNotExists",
909
},
910
"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e": {
911
"type": "String",
912
"metadata": {
913
+ "displayName": "Effect for policy: Disk encryption should be enabled on Azure Data Explorer",
914
"description": "For more information about effects, visit https://aka.ms/policyeffects"
915
},
916
"allowedValues": [
917
"Audit",
943
},
944
"effect-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0": {
945
"type": "String",
946
"metadata": {
947
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Recovery console'",
948
"description": "For more information about effects, visit https://aka.ms/policyeffects"
949
},
950
"allowedValues": [
951
"AuditIfNotExists",
955
},
956
"effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
957
"type": "String",
958
"metadata": {
959
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
960
"description": "For more information about effects, visit https://aka.ms/policyeffects"
961
},
962
"allowedValues": [
963
"AuditIfNotExists",
967
},
968
"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb": {
969
"type": "String",
970
"metadata": {
971
+ "displayName": "Effect for policy: Azure Cosmos DB accounts should have firewall rules",
972
"description": "For more information about effects, visit https://aka.ms/policyeffects"
973
},
974
"allowedValues": [
975
"Audit",
980
},
981
"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6": {
982
"type": "String",
983
"metadata": {
984
+ "displayName": "Effect for policy: Azure Container Instance container group should use customer-managed key for encryption",
985
"description": "For more information about effects, visit https://aka.ms/policyeffects"
986
},
987
"allowedValues": [
988
"Audit",
993
},
994
"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": {
995
"type": "String",
996
"metadata": {
997
+ "displayName": "Effect for policy: App Service apps should use the latest TLS version",
998
"description": "For more information about effects, visit https://aka.ms/policyeffects"
999
},
1000
"allowedValues": [
1001
"AuditIfNotExists",
1024
},
1025
"effect-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
1026
"type": "String",
1027
"metadata": {
1028
+ "displayName": "Effect for policy: Keys should be the specified cryptographic type RSA or EC",
1029
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1030
},
1031
"allowedValues": [
1032
"Audit",
1037
},
1038
"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0": {
1039
"type": "String",
1040
"metadata": {
1041
+ "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for MariaDB",
1042
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1043
},
1044
"allowedValues": [
1045
"Audit",
1049
},
1050
"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57": {
1051
"type": "String",
1052
"metadata": {
1053
+ "displayName": "Effect for policy: Microsoft Antimalware for Azure should be configured to automatically update protection signatures",
1054
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1055
},
1056
"allowedValues": [
1057
"AuditIfNotExists",
1081
},
1082
"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7": {
1083
"type": "String",
1084
"metadata": {
1085
+ "displayName": "Effect for policy: Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",
1086
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1087
},
1088
"allowedValues": [
1089
"AuditIfNotExists",
1093
},
1094
"effect-428256e6-1fac-4f48-a757-df34c2b3336d": {
1095
"type": "String",
1096
"metadata": {
1097
+ "displayName": "Effect for policy: Resource logs in Batch accounts should be enabled",
1098
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1099
},
1100
"allowedValues": [
1101
"AuditIfNotExists",
1113
},
1114
"effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8": {
1115
"type": "String",
1116
"metadata": {
1117
+ "displayName": "Effect for policy: Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation",
1118
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1119
},
1120
"allowedValues": [
1121
"Audit",
1126
},
1127
"effect-797b37f7-06b8-444c-b1ad-fc62867f335a": {
1128
"type": "String",
1129
"metadata": {
1130
+ "displayName": "Effect for policy: Azure Cosmos DB should disable public network access",
1131
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1132
},
1133
"allowedValues": [
1134
"Audit",
1139
},
1140
"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": {
1141
"type": "String",
1142
"metadata": {
1143
+ "displayName": "Effect for policy: Only secure connections to your Azure Cache for Redis should be enabled",
1144
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1145
},
1146
"allowedValues": [
1147
"Audit",
1152
},
1153
"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
1154
"type": "String",
1155
"metadata": {
1156
+ "displayName": "Effect for policy: Email notification for high severity alerts should be enabled",
1157
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1158
},
1159
"allowedValues": [
1160
"AuditIfNotExists",
1177
},
1178
"effect-94d9aca8-3757-46df-aa51-f218c5f11954": {
1179
"type": "String",
1180
"metadata": {
1181
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Account Management'",
1182
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1183
},
1184
"allowedValues": [
1185
"AuditIfNotExists",
1189
},
1190
"effect-9daedab3-fb2d-461e-b861-71790eead4f6": {
1191
"type": "String",
1192
"metadata": {
1193
+ "displayName": "Effect for policy: All network ports should be restricted on network security groups associated to your virtual machine",
1194
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1195
},
1196
"allowedValues": [
1197
"AuditIfNotExists",
1201
},
1202
"effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54": {
1203
"type": "String",
1204
"metadata": {
1205
+ "displayName": "Effect for policy: Storage accounts should prevent shared key access",
1206
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1207
},
1208
"allowedValues": [
1209
"Audit",
1214
},
1215
"effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb": {
1216
"type": "String",
1217
"metadata": {
1218
+ "displayName": "Effect for policy: App Service apps should use a virtual network service endpoint",
1219
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1220
},
1221
"allowedValues": [
1222
"AuditIfNotExists",
1226
},
1227
"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b": {
1228
"type": "String",
1229
"metadata": {
1230
+ "displayName": "Effect for policy: Azure Automation accounts should use customer-managed keys to encrypt data at rest",
1231
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1232
},
1233
"allowedValues": [
1234
"Audit",
1274
},
1275
"effect-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
1276
"type": "String",
1277
"metadata": {
1278
+ "displayName": "Effect for policy: Audit Windows machines that do not have the password complexity setting enabled",
1279
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1280
},
1281
"allowedValues": [
1282
"AuditIfNotExists",
1286
},
1287
"effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f": {
1288
"type": "String",
1289
"metadata": {
1290
+ "displayName": "Effect for policy: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed",
1291
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1292
},
1293
"allowedValues": [
1294
"AuditIfNotExists",
1298
},
1299
"effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515": {
1300
"type": "String",
1301
"metadata": {
1302
+ "displayName": "Effect for policy: Cognitive Services accounts should use customer owned storage",
1303
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1304
},
1305
"allowedValues": [
1306
"Audit",
1311
},
1312
"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
1313
"type": "String",
1314
"metadata": {
1315
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected Azure SQL servers",
1316
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1317
},
1318
"allowedValues": [
1319
"AuditIfNotExists",
1323
},
1324
"effect-91a78b24-f231-4a8a-8da9-02c35b2b6510": {
1325
"type": "String",
1326
"metadata": {
1327
+ "displayName": "Effect for policy: App Service apps should have resource logs enabled",
1328
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1329
},
1330
"allowedValues": [
1331
"AuditIfNotExists",
1351
},
1352
"effect-d461a302-a187-421a-89ac-84acdb4edc04": {
1353
"type": "String",
1354
"metadata": {
1355
+ "displayName": "Effect for policy: Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption",
1356
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1357
},
1358
"allowedValues": [
1359
"Audit",
1364
},
1365
"effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34": {
1366
"type": "String",
1367
"metadata": {
1368
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected MySQL flexible servers",
1369
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1370
},
1371
"allowedValues": [
1372
"AuditIfNotExists",
1376
},
1377
"effect-ca91455f-eace-4f96-be59-e6e2c35b4816": {
1378
"type": "String",
1379
"metadata": {
1380
+ "displayName": "Effect for policy: Managed disks should be double encrypted with both platform-managed and customer-managed keys",
1381
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1382
},
1383
"allowedValues": [
1384
"Audit",
1389
},
1390
"effect-f4826e5f-6a27-407c-ae3e-9582eb39891d": {
1391
"type": "String",
1392
"metadata": {
1393
+ "displayName": "Effect for policy: Authorization rules on the Event Hub instance should be defined",
1394
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1395
},
1396
"allowedValues": [
1397
"AuditIfNotExists",
1401
},
1402
"effect-7803067c-7d34-46e3-8c79-0ca68fc4036d": {
1403
"type": "String",
1404
"metadata": {
1405
+ "displayName": "Effect for policy: Azure Cache for Redis should use private link",
1406
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1407
},
1408
"allowedValues": [
1409
"AuditIfNotExists",
1413
},
1414
"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
1415
"type": "String",
1416
"metadata": {
1417
+ "displayName": "Effect for policy: Storage accounts should restrict network access",
1418
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1419
},
1420
"allowedValues": [
1421
"Audit",
1426
},
1427
"effect-ab6a902f-9493-453b-928d-62c30b11b5a6": {
1428
"type": "String",
1429
"metadata": {
1430
+ "displayName": "Effect for policy: Function apps should have Client Certificates (Incoming client certificates) enabled",
1431
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1432
},
1433
"allowedValues": [
1434
"AuditIfNotExists",
1438
},
1439
"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606": {
1440
"type": "String",
1441
"metadata": {
1442
+ "displayName": "Effect for policy: Storage accounts should be migrated to new Azure Resource Manager resources",
1443
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1444
},
1445
"allowedValues": [
1446
"Audit",
1451
},
1452
"effect-3d9f5e4c-9947-4579-9539-2a7695fbc187": {
1453
"type": "String",
1454
"metadata": {
1455
+ "displayName": "Effect for policy: App Configuration should disable public network access",
1456
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1457
},
1458
"allowedValues": [
1459
"Audit",
1464
},
1465
"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": {
1466
"type": "String",
1467
"metadata": {
1468
+ "displayName": "Effect for policy: Internet-facing virtual machines should be protected with network security groups",
1469
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1470
},
1471
"allowedValues": [
1472
"AuditIfNotExists",
1476
},
1477
"effect-009a0c92-f5b4-4776-9b66-4ed2b4775563": {
1478
"type": "String",
1479
"metadata": {
1480
+ "displayName": "Effect for policy: Private endpoint connections on Batch accounts should be enabled",
1481
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1482
},
1483
"allowedValues": [
1484
"AuditIfNotExists",
1488
},
1489
"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7": {
1490
"type": "String",
1491
"metadata": {
1492
+ "displayName": "Effect for policy: Azure Stream Analytics jobs should use customer-managed keys to encrypt data",
1493
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1494
},
1495
"allowedValues": [
1496
"Audit",
1501
},
1502
"effect-fb893a29-21bb-418c-a157-e99480ec364c": {
1503
"type": "String",
1504
"metadata": {
1505
+ "displayName": "Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version",
1506
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1507
},
1508
"allowedValues": [
1509
"Audit",
1513
},
1514
"effect-2b9ad585-36bc-4615-b300-fd4435808332": {
1515
"type": "String",
1516
"metadata": {
1517
+ "displayName": "Effect for policy: App Service apps should use managed identity",
1518
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1519
},
1520
"allowedValues": [
1521
"AuditIfNotExists",
1525
},
1526
"effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4": {
1527
"type": "String",
1528
"metadata": {
1529
+ "displayName": "Effect for policy: Azure Spring Cloud should use network injection",
1530
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1531
},
1532
"allowedValues": [
1533
"Audit",
1553
},
1554
"effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234": {
1555
"type": "String",
1556
"metadata": {
1557
+ "displayName": "Effect for policy: Azure SignalR Service should use private link",
1558
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1559
},
1560
"allowedValues": [
1561
"Audit",
1565
},
1566
"effect-b8564268-eb4a-4337-89be-a19db070c59d": {
1567
"type": "String",
1568
"metadata": {
1569
+ "displayName": "Effect for policy: Event Hub namespaces should use private link",
1570
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1571
},
1572
"allowedValues": [
1573
"AuditIfNotExists",
1577
},
1578
"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
1579
"type": "String",
1580
"metadata": {
1581
+ "displayName": "Effect for policy: Key vaults should have deletion protection enabled",
1582
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1583
},
1584
"allowedValues": [
1585
"Audit",
1590
},
1591
"effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1": {
1592
"type": "String",
1593
"metadata": {
1594
+ "displayName": "Effect for policy: App Configuration should use a customer-managed key",
1595
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1596
},
1597
"allowedValues": [
1598
"Audit",
1603
},
1604
"effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f": {
1605
"type": "String",
1606
"metadata": {
1607
+ "displayName": "Effect for policy: Azure Machine Learning Computes should have local authentication methods disabled",
1608
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1609
},
1610
"allowedValues": [
1611
"Audit",
1616
},
1617
"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
1618
"type": "String",
1619
"metadata": {
1620
+ "displayName": "Effect for policy: Storage account public access should be disallowed",
1621
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1622
},
1623
"allowedValues": [
1624
"Audit",
1629
},
1630
"effect-c4857be7-912a-4c75-87e6-e30292bcdf78": {
1631
"type": "String",
1632
"metadata": {
1633
+ "displayName": "Effect for policy: Container Registry should use a virtual network service endpoint",
1634
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1635
},
1636
"allowedValues": [
1637
"Audit",
1657
},
1658
"effect-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
1659
"type": "String",
1660
"metadata": {
1661
+ "displayName": "Effect for policy: Dependency agent should be enabled for listed virtual machine images",
1662
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1663
},
1664
"allowedValues": [
1665
"AuditIfNotExists",
1691
},
1692
"effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
1693
"type": "String",
1694
"metadata": {
1695
+ "displayName": "Effect for policy: Audit Windows machines that do not have the maximum password age set to specified number of days",
1696
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1697
},
1698
"allowedValues": [
1699
"AuditIfNotExists",
1703
},
1704
"effect-fe83a0eb-a853-422d-aac2-1bffd182c5d0": {
1705
"type": "String",
1706
"metadata": {
1707
+ "displayName": "Effect for policy: Storage accounts should have the specified minimum TLS version",
1708
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1709
},
1710
"allowedValues": [
1711
"Audit",
1738
},
1739
"effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
1740
"type": "String",
1741
"metadata": {
1742
+ "displayName": "[Deprecated]: Effect for policy: Virtual machines should be connected to a specified workspace",
1743
"description": "For more information about effects, visit https://aka.ms/policyeffects",
1744
"deprecated": true
1745
},
1746
"allowedValues": [
1751
},
1752
"effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3": {
1753
"type": "String",
1754
"metadata": {
1755
+ "displayName": "Effect for policy: SQL Server should use a virtual network service endpoint",
1756
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1757
},
1758
"allowedValues": [
1759
"AuditIfNotExists",
1763
},
1764
"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": {
1765
"type": "String",
1766
"metadata": {
1767
+ "displayName": "Effect for policy: Azure Defender for servers should be enabled",
1768
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1769
},
1770
"allowedValues": [
1771
"AuditIfNotExists",
1775
},
1776
"effect-a1840de2-8088-4ea8-b153-b4c723e9cb01": {
1777
"type": "String",
1778
"metadata": {
1779
+ "displayName": "Effect for policy: Azure Kubernetes Service clusters should have Defender profile enabled",
1780
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1781
},
1782
"allowedValues": [
1783
"Audit",
1800
},
1801
"effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": {
1802
"type": "String",
1803
"metadata": {
1804
+ "displayName": "Effect for policy: Audit Linux machines that have accounts without passwords",
1805
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1806
},
1807
"allowedValues": [
1808
"AuditIfNotExists",
1812
},
1813
"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": {
1814
"type": "String",
1815
"metadata": {
1816
+ "displayName": "Effect for policy: Azure Defender for Azure SQL Database servers should be enabled",
1817
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1818
},
1819
"allowedValues": [
1820
"AuditIfNotExists",
1824
},
1825
"effect-fa498b91-8a7e-4710-9578-da944c68d1fe": {
1826
"type": "String",
1827
"metadata": {
1828
+ "displayName": "Effect for policy: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled",
1829
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1830
},
1831
"allowedValues": [
1832
"Audit",
1836
},
1837
"effect-a70ca396-0a34-413a-88e1-b956c1e683be": {
1838
"type": "String",
1839
"metadata": {
1840
+ "displayName": "[Deprecated]: Effect for policy: Virtual machines should have the Log Analytics extension installed",
1841
"description": "For more information about effects, visit https://aka.ms/policyeffects",
1842
"deprecated": true
1843
},
1844
"allowedValues": [
1849
},
1850
"effect-7796937f-307b-4598-941c-67d3a05ebfe7": {
1851
"type": "String",
1852
"metadata": {
1853
+ "displayName": "Effect for policy: Azure subscriptions should have a log profile for Activity Log",
1854
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1855
},
1856
"allowedValues": [
1857
"AuditIfNotExists",
1861
},
1862
"effect-89099bee-89e0-4b26-a5f4-165451757743": {
1863
"type": "String",
1864
"metadata": {
1865
+ "displayName": "Effect for policy: SQL servers with auditing to storage account destination should be configured with 90 days retention or higher",
1866
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1867
},
1868
"allowedValues": [
1869
"AuditIfNotExists",
1873
},
1874
"effect-fb74e86f-d351-4b8d-b034-93da7391c01f": {
1875
"type": "String",
1876
"metadata": {
1877
+ "displayName": "Effect for policy: App Service Environment should have internal encryption enabled",
1878
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1879
},
1880
"allowedValues": [
1881
"Audit",
1904
},
1905
"effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
1906
"type": "String",
1907
"metadata": {
1908
+ "displayName": "Effect for policy: Keys using elliptic curve cryptography should have the specified curve names",
1909
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1910
},
1911
"allowedValues": [
1912
"Audit",
1917
},
1918
"effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373": {
1919
"type": "String",
1920
"metadata": {
1921
+ "displayName": "Effect for policy: Log Analytics extension should be installed on your Linux Azure Arc machines",
1922
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1923
},
1924
"allowedValues": [
1925
"AuditIfNotExists",
1929
},
1930
"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": {
1931
"type": "String",
1932
"metadata": {
1933
+ "displayName": "Effect for policy: App Service apps should have remote debugging turned off",
1934
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1935
},
1936
"allowedValues": [
1937
"AuditIfNotExists",
1941
},
1942
"effect-17k78e20-9358-41c9-923c-fb736d382a12": {
1943
"type": "String",
1944
"metadata": {
1945
+ "displayName": "Effect for policy: Transparent Data Encryption on SQL databases should be enabled",
1946
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1947
},
1948
"allowedValues": [
1949
"AuditIfNotExists",
1953
},
1954
"effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee": {
1955
"type": "String",
1956
"metadata": {
1957
+ "displayName": "Effect for policy: Audit flow logs configuration for every virtual network",
1958
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1959
},
1960
"allowedValues": [
1961
"Audit",
1965
},
1966
"effect-d6759c02-b87f-42b7-892e-71b3f471d782": {
1967
"type": "String",
1968
"metadata": {
1969
+ "displayName": "Effect for policy: Azure AI Services resources should use Azure Private Link",
1970
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1971
},
1972
"allowedValues": [
1973
"Audit",
1977
},
1978
"effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48": {
1979
"type": "String",
1980
"metadata": {
1981
+ "displayName": "Effect for policy: Public network access should be disabled for PostgreSQL flexible servers",
1982
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1983
},
1984
"allowedValues": [
1985
"Audit",
1990
},
1991
"effect-970f84d8-71b6-4091-9979-ace7e3fb6dbb": {
1992
"type": "String",
1993
"metadata": {
1994
+ "displayName": "Effect for policy: HPC Cache accounts should use customer-managed key for encryption",
1995
"description": "For more information about effects, visit https://aka.ms/policyeffects"
1996
},
1997
"allowedValues": [
1998
"Audit",
2003
},
2004
"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a": {
2005
"type": "String",
2006
"metadata": {
2007
+ "displayName": "Effect for policy: Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity",
2008
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2009
},
2010
"allowedValues": [
2011
"AuditIfNotExists",
2015
},
2016
"effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121": {
2017
"type": "String",
2018
"metadata": {
2019
+ "displayName": "Effect for policy: Secure Boot should be enabled on supported Windows virtual machines",
2020
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2021
},
2022
"allowedValues": [
2023
"Audit",
2027
},
2028
"effect-1d320205-c6a1-4ac6-873d-46224024e8e2": {
2029
"type": "String",
2030
"metadata": {
2031
+ "displayName": "Effect for policy: Azure File Sync should use private link",
2032
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2033
},
2034
"allowedValues": [
2035
"AuditIfNotExists",
2039
},
2040
"effect-c0e996f8-39cf-4af9-9f45-83fbde810432": {
2041
"type": "String",
2042
"metadata": {
2043
+ "displayName": "Effect for policy: Only approved VM extensions should be installed",
2044
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2045
},
2046
"allowedValues": [
2047
"Audit",
2059
},
2060
"effect-d416745a-506c-48b6-8ab1-83cb814bcaa3": {
2061
"type": "String",
2062
"metadata": {
2063
+ "displayName": "Effect for policy: Virtual machines should be connected to an approved virtual network",
2064
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2065
},
2066
"allowedValues": [
2067
"Audit",
2079
},
2080
"effect-6581d072-105e-4418-827f-bd446d56421b": {
2081
"type": "String",
2082
"metadata": {
2083
+ "displayName": "Effect for policy: Azure Defender for SQL servers on machines should be enabled",
2084
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2085
},
2086
"allowedValues": [
2087
"AuditIfNotExists",
2091
},
2092
"effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833": {
2093
"type": "String",
2094
"metadata": {
2095
+ "displayName": "Effect for policy: MySQL servers should use customer-managed keys to encrypt data at rest",
2096
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2097
},
2098
"allowedValues": [
2099
"AuditIfNotExists",
2103
},
2104
"effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
2105
"type": "String",
2106
"metadata": {
2107
+ "displayName": "Effect for policy: Storage accounts should allow access from trusted Microsoft services",
2108
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2109
},
2110
"allowedValues": [
2111
"Audit",
2116
},
2117
"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c": {
2118
"type": "String",
2119
"metadata": {
2120
+ "displayName": "Effect for policy: Guest Configuration extension should be installed on your machines",
2121
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2122
},
2123
"allowedValues": [
2124
"AuditIfNotExists",
2128
},
2129
"effect-d38fc420-0735-4ef3-ac11-c806f651a570": {
2130
"type": "String",
2131
"metadata": {
2132
+ "displayName": "Effect for policy: Long-term geo-redundant backup should be enabled for Azure SQL Databases",
2133
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2134
},
2135
"allowedValues": [
2136
"AuditIfNotExists",
2160
},
2161
"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0": {
2162
"type": "String",
2163
"metadata": {
2164
+ "displayName": "Effect for policy: OS and data disks should be encrypted with a customer-managed key",
2165
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2166
},
2167
"allowedValues": [
2168
"Audit",
2173
},
2174
"effect-c9299215-ae47-4f50-9c54-8a392f68a052": {
2175
"type": "String",
2176
"metadata": {
2177
+ "displayName": "Effect for policy: Public network access should be disabled for MySQL flexible servers",
2178
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2179
},
2180
"allowedValues": [
2181
"Audit",
2186
},
2187
"effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4": {
2188
"type": "String",
2189
"metadata": {
2190
+ "displayName": "Effect for policy: Storage Accounts should use a virtual network service endpoint",
2191
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2192
},
2193
"allowedValues": [
2194
"Audit",
2198
},
2199
"effect-f1776c76-f58c-4245-a8d0-2b207198dc8b": {
2200
"type": "String",
2201
"metadata": {
2202
+ "displayName": "Effect for policy: Virtual networks should use specified virtual network gateway",
2203
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2204
},
2205
"allowedValues": [
2206
"AuditIfNotExists",
2217
},
2218
"effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0": {
2219
"type": "String",
2220
"metadata": {
2221
+ "displayName": "Effect for policy: Recovery Services vaults should use private link",
2222
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2223
},
2224
"allowedValues": [
2225
"Audit",
2229
},
2230
"effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b": {
2231
"type": "String",
2232
"metadata": {
2233
+ "displayName": "Effect for policy: API Management services should use a virtual network",
2234
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2235
},
2236
"allowedValues": [
2237
"Audit",
2260
},
2261
"effect-7698e800-9299-47a6-b3b6-5a0fee576eed": {
2262
"type": "String",
2263
"metadata": {
2264
+ "displayName": "Effect for policy: Private endpoint connections on Azure SQL Database should be enabled",
2265
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2266
},
2267
"allowedValues": [
2268
"Audit",
2272
},
2273
"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": {
2274
"type": "String",
2275
"metadata": {
2276
+ "displayName": "Effect for policy: Subscriptions should have a contact email address for security issues",
2277
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2278
},
2279
"allowedValues": [
2280
"AuditIfNotExists",
2284
},
2285
"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
2286
"type": "String",
2287
"metadata": {
2288
+ "displayName": "Effect for policy: Resource logs in IoT Hub should be enabled",
2289
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2290
},
2291
"allowedValues": [
2292
"AuditIfNotExists",
2304
},
2305
"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d": {
2306
"type": "String",
2307
"metadata": {
2308
+ "displayName": "Effect for policy: Key vaults should have soft delete enabled",
2309
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2310
},
2311
"allowedValues": [
2312
"Audit",
2317
},
2318
"effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e": {
2319
"type": "String",
2320
"metadata": {
2321
+ "displayName": "Effect for policy: Microsoft Defender for Azure Cosmos DB should be enabled",
2322
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2323
},
2324
"allowedValues": [
2325
"AuditIfNotExists",
2329
},
2330
"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1": {
2331
"type": "String",
2332
"metadata": {
2333
+ "displayName": "Effect for policy: Double encryption should be enabled on Azure Data Explorer",
2334
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2335
},
2336
"allowedValues": [
2337
"Audit",
2342
},
2343
"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5": {
2344
"type": "String",
2345
"metadata": {
2346
+ "displayName": "Effect for policy: Function apps should not have CORS configured to allow every resource to access your apps",
2347
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2348
},
2349
"allowedValues": [
2350
"AuditIfNotExists",
2354
},
2355
"effect-c39ba22d-4428-4149-b981-70acb31fc383": {
2356
"type": "String",
2357
"metadata": {
2358
+ "displayName": "Effect for policy: Azure Key Vault Managed HSM should have purge protection enabled",
2359
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2360
},
2361
"allowedValues": [
2362
"Audit",
2367
},
2368
"effect-617c02be-7f02-4efd-8836-3180d47b6c68": {
2369
"type": "String",
2370
"metadata": {
2371
+ "displayName": "Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign",
2372
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2373
},
2374
"allowedValues": [
2375
"Audit",
2380
},
2381
"effect-e345b6c3-24bd-4c93-9bbb-7e5e49a17b78": {
2382
"type": "String",
2383
"metadata": {
2384
+ "displayName": "Effect for policy: Azure VPN gateways should not use 'basic' SKU",
2385
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2386
},
2387
"allowedValues": [
2388
"Audit",
2392
},
2393
"effect-58440f8a-10c5-4151-bdce-dfbaad4a20b7": {
2394
"type": "String",
2395
"metadata": {
2396
+ "displayName": "Effect for policy: CosmosDB accounts should use private link",
2397
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2398
},
2399
"allowedValues": [
2400
"Audit",
2433
},
2434
"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f": {
2435
"type": "String",
2436
"metadata": {
2437
+ "displayName": "Effect for policy: Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest",
2438
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2439
},
2440
"allowedValues": [
2441
"Audit",
2446
},
2447
"effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": {
2448
"type": "String",
2449
"metadata": {
2450
+ "displayName": "Effect for policy: Function apps should have authentication enabled",
2451
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2452
},
2453
"allowedValues": [
2454
"AuditIfNotExists",
2458
},
2459
"effect-04c4380f-3fae-46e8-96c9-30193528f602": {
2460
"type": "String",
2461
"metadata": {
2462
+ "displayName": "Effect for policy: Network traffic data collection agent should be installed on Linux virtual machines",
2463
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2464
},
2465
"allowedValues": [
2466
"AuditIfNotExists",
2470
},
2471
"effect-ca610c1d-041c-4332-9d88-7ed3094967c7": {
2472
"type": "String",
2473
"metadata": {
2474
+ "displayName": "Effect for policy: App Configuration should use private link",
2475
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2476
},
2477
"allowedValues": [
2478
"AuditIfNotExists",
2482
},
2483
"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
2484
"type": "String",
2485
"metadata": {
2486
+ "displayName": "Effect for policy: An activity log alert should exist for specific Policy operations",
2487
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2488
},
2489
"allowedValues": [
2490
"AuditIfNotExists",
2505
},
2506
"effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3": {
2507
"type": "String",
2508
"metadata": {
2509
+ "displayName": "Effect for policy: vTPM should be enabled on supported virtual machines",
2510
"description": "For more information about effects, visit https://aka.ms/policyeffects"
+ "displayName": "Effect for policy: Windows machines should be configured to use secure communication protocols",
2566
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2567
},
2568
"allowedValues": [
2569
"AuditIfNotExists",
2573
},
2574
"effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09": {
2575
"type": "String",
2576
"metadata": {
2577
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Windows virtual machines",
2578
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2579
},
2580
"allowedValues": [
2581
"AuditIfNotExists",
2638
},
2639
"effect-f2143251-70de-4e81-87a8-36cee5a2f29d": {
2640
"type": "String",
2641
"metadata": {
2642
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Settings - Account Policies'",
2643
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2644
},
2645
"allowedValues": [
2646
"AuditIfNotExists",
2650
},
2651
"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
2652
"type": "String",
2653
"metadata": {
2654
+ "displayName": "Effect for policy: Resource logs in Key Vault should be enabled",
2655
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2656
},
2657
"allowedValues": [
2658
"AuditIfNotExists",
2670
},
2671
"effect-82339799-d096-41ae-8538-b108becf0970": {
2672
"type": "String",
2673
"metadata": {
2674
+ "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for MySQL",
2675
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2676
},
2677
"allowedValues": [
2678
"Audit",
2682
},
2683
"effect-146412e9-005c-472b-9e48-c87b72ac229e": {
2684
"type": "String",
2685
"metadata": {
2686
+ "displayName": "Effect for policy: A Microsoft Entra administrator should be provisioned for MySQL servers",
2687
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2688
},
2689
"allowedValues": [
2690
"AuditIfNotExists",
2716
},
2717
"effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b": {
2718
"type": "String",
2719
"metadata": {
2720
+ "displayName": "Effect for policy: Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords",
2721
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2722
},
2723
"allowedValues": [
2724
"AuditIfNotExists",
2741
},
2742
"effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc": {
2743
"type": "String",
2744
"metadata": {
2745
+ "displayName": "Effect for policy: Windows machines should meet requirements of the Azure compute security baseline",
2746
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2747
},
2748
"allowedValues": [
2749
"AuditIfNotExists",
2753
},
2754
"effect-eb907f70-7514-460d-92b3-a5ae93b4f917": {
2755
"type": "String",
2756
"metadata": {
2757
+ "displayName": "Effect for policy: Azure Web PubSub Service should use private link",
2758
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2759
},
2760
"allowedValues": [
2761
"Audit",
2765
},
2766
"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": {
2767
"type": "String",
2768
"metadata": {
2769
+ "displayName": "Effect for policy: App Service apps should use latest 'HTTP Version'",
2770
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2771
},
2772
"allowedValues": [
2773
"AuditIfNotExists",
2777
},
2778
"effect-a1ad735a-e96f-45d2-a7b2-9a4932cab7ec": {
2779
"type": "String",
2780
"metadata": {
2781
+ "displayName": "Effect for policy: Event Hub namespaces should use a customer-managed key for encryption",
2782
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2783
},
2784
"allowedValues": [
2785
"Audit",
2789
},
2790
"effect-32e6bbec-16b6-44c2-be37-c5b672d103cf": {
2791
"type": "String",
2792
"metadata": {
2793
+ "displayName": "Effect for policy: Azure SQL Database should be running TLS version 1.2 or newer",
2794
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2795
},
2796
"allowedValues": [
2797
"Audit",
2802
},
2803
"effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9": {
2804
"type": "String",
2805
"metadata": {
2806
+ "displayName": "Effect for policy: Machines should be configured to periodically check for missing system updates",
2807
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2808
},
2809
"allowedValues": [
2810
"Audit",
2815
},
2816
"effect-34f95f76-5386-4de7-b824-0d8478470c9d": {
2817
"type": "String",
2818
"metadata": {
2819
+ "displayName": "Effect for policy: Resource logs in Logic Apps should be enabled",
2820
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2821
},
2822
"allowedValues": [
2823
"AuditIfNotExists",
2835
},
2836
"effect-8ac833bd-f505-48d5-887e-c993a1d3eea0": {
2837
"type": "String",
2838
"metadata": {
2839
+ "displayName": "Effect for policy: API endpoints in Azure API Management should be authenticated",
2840
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2841
},
2842
"allowedValues": [
2843
"AuditIfNotExists",
2847
},
2848
"effect-1ee56206-5dd1-42ab-b02d-8aae8b1634ce": {
2849
"type": "String",
2850
"metadata": {
2851
+ "displayName": "Effect for policy: Azure API for FHIR should use private link",
2852
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2853
},
2854
"allowedValues": [
2855
"Audit",
2859
},
2860
"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
2861
"type": "String",
2862
"metadata": {
2863
+ "displayName": "Effect for policy: Auditing on SQL server should be enabled",
2864
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2865
},
2866
"allowedValues": [
2867
"AuditIfNotExists",
2882
},
2883
"effect-48af4db5-9b8b-401c-8e74-076be876a430": {
2884
"type": "String",
2885
"metadata": {
2886
+ "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for PostgreSQL",
2887
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2888
},
2889
"allowedValues": [
2890
"Audit",
2894
},
2895
"effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2": {
2896
"type": "String",
2897
"metadata": {
2898
+ "displayName": "Effect for policy: SQL managed instances should use customer-managed keys to encrypt data at rest",
2899
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2900
},
2901
"allowedValues": [
2902
"Audit",
2907
},
2908
"effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2": {
2909
"type": "String",
2910
"metadata": {
2911
+ "displayName": "Effect for policy: Log Analytics Workspaces should block non-Azure Active Directory based ingestion.",
2912
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2913
},
2914
"allowedValues": [
2915
"Deny",
2920
},
2921
"effect-7926a6d1-b268-4586-8197-e8ae90c877d7": {
2922
"type": "String",
2923
"metadata": {
2924
+ "displayName": "Effect for policy: Microsoft Defender for APIs should be enabled",
2925
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2926
},
2927
"allowedValues": [
2928
"AuditIfNotExists",
2932
},
2933
"effect-399b2637-a50f-4f95-96f8-3a145476eb15": {
2934
"type": "String",
2935
"metadata": {
2936
+ "displayName": "Effect for policy: Function apps should require FTPS only",
2937
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2938
},
2939
"allowedValues": [
2940
"AuditIfNotExists",
2956
},
2957
"effect-82067dbb-e53b-4e06-b631-546d197452d9": {
2958
"type": "String",
2959
"metadata": {
2960
+ "displayName": "Effect for policy: Keys using RSA cryptography should have a specified minimum key size",
2961
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2962
},
2963
"allowedValues": [
2964
"Audit",
2969
},
2970
"effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5": {
2971
"type": "String",
2972
"metadata": {
2973
+ "displayName": "Effect for policy: Azure Key Vault should use RBAC permission model",
2974
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2975
},
2976
"allowedValues": [
2977
"Audit",
2982
},
2983
"effect-a8793640-60f7-487c-b5c3-1d37215905c4": {
2984
"type": "String",
2985
"metadata": {
2986
+ "displayName": "Effect for policy: SQL Managed Instance should have the minimal TLS version of 1.2",
2987
"description": "For more information about effects, visit https://aka.ms/policyeffects"
2988
},
2989
"allowedValues": [
2990
"Audit",
2994
},
2995
"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9": {
2996
"type": "String",
2997
"metadata": {
2998
+ "displayName": "Effect for policy: Azure Monitor should collect activity logs from all regions",
2999
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3000
},
3001
"allowedValues": [
3002
"AuditIfNotExists",
3033
},
3034
"effect-58383b73-94a9-4414-b382-4146eb02611b": {
3035
"type": "String",
3036
"metadata": {
3037
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'",
3038
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3039
},
3040
"allowedValues": [
3041
"AuditIfNotExists",
3063
},
3064
"effect-32133ab0-ee4b-4b44-98d6-042180979d50": {
3065
"type": "String",
3066
"metadata": {
3067
+ "displayName": "[Deprecated]: Effect for policy: Log Analytics Extension should be enabled for listed virtual machine images",
3068
"description": "For more information about effects, visit https://aka.ms/policyeffects",
3069
"deprecated": true
3070
},
3071
"allowedValues": [
3076
},
3077
"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71": {
3078
"type": "String",
3079
"metadata": {
3080
+ "displayName": "Effect for policy: Container registries should not allow unrestricted network access",
3081
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3082
},
3083
"allowedValues": [
3084
"Audit",
3089
},
3090
"effect-0a370ff3-6cab-4e85-8995-295fd854c5b8": {
3091
"type": "String",
3092
"metadata": {
3093
+ "displayName": "Effect for policy: SQL servers should use customer-managed keys to encrypt data at rest",
3094
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3095
},
3096
"allowedValues": [
3097
"Audit",
3115
},
3116
"effect-caf2d518-f029-4f6b-833b-d7081702f253": {
3117
"type": "String",
3118
"metadata": {
3119
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Microsoft Network Server'",
3120
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3121
},
3122
"allowedValues": [
3123
"AuditIfNotExists",
3127
},
3128
"effect-0b15565f-aa9e-48ba-8619-45960f2c314d": {
3129
"type": "String",
3130
"metadata": {
3131
+ "displayName": "Effect for policy: Email notification to subscription owner for high severity alerts should be enabled",
3132
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3133
},
3134
"allowedValues": [
3135
"AuditIfNotExists",
3139
},
3140
"effect-d63edb4a-c612-454d-b47d-191a724fcbf0": {
3141
"type": "String",
3142
"metadata": {
3143
+ "displayName": "Effect for policy: Event Hub should use a virtual network service endpoint",
3144
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3145
},
3146
"allowedValues": [
3147
"AuditIfNotExists",
3151
},
3152
"effect-9dfea752-dd46-4766-aed1-c355fa93fb91": {
3153
"type": "String",
3154
"metadata": {
3155
+ "displayName": "Effect for policy: Azure SQL Managed Instances should disable public network access",
3156
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3157
},
3158
"allowedValues": [
3159
"Audit",
3164
},
3165
"effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f": {
3166
"type": "String",
3167
"metadata": {
3168
+ "displayName": "Effect for policy: Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.",
3169
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3170
},
3171
"allowedValues": [
3172
"AuditIfNotExists",
3196
},
3197
"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a": {
3198
"type": "String",
3199
"metadata": {
3200
+ "displayName": "Effect for policy: Storage accounts should have infrastructure encryption",
3201
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3202
},
3203
"allowedValues": [
3204
"Audit",
3209
},
3210
"effect-9b597639-28e4-48eb-b506-56b05d366257": {
3211
"type": "String",
3212
"metadata": {
3213
+ "displayName": "Effect for policy: Microsoft IaaSAntimalware extension should be deployed on Windows servers",
3214
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3215
},
3216
"allowedValues": [
3217
"AuditIfNotExists",
3221
},
3222
"effect-438c38d2-3772-465a-a9cc-7a6666a275ce": {
3223
"type": "String",
3224
"metadata": {
3225
+ "displayName": "Effect for policy: Azure Machine Learning Workspaces should disable public network access",
3226
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3227
},
3228
"allowedValues": [
3229
"Audit",
3234
},
3235
"effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": {
3236
"type": "String",
3237
"metadata": {
3238
+ "displayName": "Effect for policy: App Service apps should have authentication enabled",
3239
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3240
},
3241
"allowedValues": [
3242
"AuditIfNotExists",
3246
},
3247
"effect-a21f8c92-9e22-4f09-b759-50500d1d2dda": {
3248
"type": "String",
3249
"metadata": {
3250
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Linux virtual machines scale sets",
3251
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3252
},
3253
"allowedValues": [
3254
"AuditIfNotExists",
3258
},
3259
"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077": {
3260
"type": "String",
3261
"metadata": {
3262
+ "displayName": "Effect for policy: Public network access should be disabled for MariaDB servers",
3263
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3264
},
3265
"allowedValues": [
3266
"Audit",
3271
},
3272
"effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e": {
3273
"type": "String",
3274
"metadata": {
3275
+ "displayName": "Effect for policy: Log Analytics extension should be installed on your Windows Azure Arc machines",
3276
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3277
},
3278
"allowedValues": [
3279
"AuditIfNotExists",
3283
},
3284
"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f": {
3285
"type": "String",
3286
"metadata": {
3287
+ "displayName": "Effect for policy: Storage accounts should restrict network access using virtual network rules",
3288
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3289
},
3290
"allowedValues": [
3291
"Audit",
3296
},
3297
"effect-13a6c84f-49a5-410a-b5df-5b880c3fe009": {
3298
"type": "String",
3299
"metadata": {
3300
+ "displayName": "Effect for policy: Linux virtual machines should use only signed and trusted boot components",
3301
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3302
},
3303
"allowedValues": [
3304
"AuditIfNotExists",
3308
},
3309
"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
3310
"type": "String",
3311
"metadata": {
3312
+ "displayName": "Effect for policy: Resource logs in Azure Data Lake Store should be enabled",
3313
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3314
},
3315
"allowedValues": [
3316
"AuditIfNotExists",
3336
},
3337
"effect-d31e5c31-63b2-4f12-887b-e49456834fa1": {
3338
"type": "String",
3339
"metadata": {
3340
+ "displayName": "Effect for policy: Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces",
3341
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3342
},
3343
"allowedValues": [
3344
"AuditIfNotExists",
3348
},
3349
"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811": {
3350
"type": "String",
3351
"metadata": {
3352
+ "displayName": "Effect for policy: Azure Stack Edge devices should use double-encryption",
3353
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3354
},
3355
"allowedValues": [
3356
"Audit",
3361
},
3362
"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580": {
3363
"type": "String",
3364
"metadata": {
3365
+ "displayName": "Effect for policy: Container registries should be encrypted with a customer-managed key",
3366
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3367
},
3368
"allowedValues": [
3369
"Audit",
3374
},
3375
"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": {
3376
"type": "String",
3377
"metadata": {
3378
+ "displayName": "Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes Services",
3379
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3380
},
3381
"allowedValues": [
3382
"Audit",
3386
},
3387
"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735": {
3388
"type": "String",
3389
"metadata": {
3390
+ "displayName": "Effect for policy: Automation account variables should be encrypted",
3391
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3392
},
3393
"allowedValues": [
3394
"Audit",
3399
},
3400
"effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
3401
"type": "String",
3402
"metadata": {
3403
+ "displayName": "Effect for policy: Azure Defender for Key Vault should be enabled",
3404
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3405
},
3406
"allowedValues": [
3407
"AuditIfNotExists",
3411
},
3412
"effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4": {
3413
"type": "String",
3414
"metadata": {
3415
+ "displayName": "Effect for policy: A Microsoft Entra administrator should be provisioned for PostgreSQL servers",
3416
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3417
},
3418
"allowedValues": [
3419
"AuditIfNotExists",
3423
},
3424
"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c": {
3425
"type": "String",
3426
"metadata": {
3427
+ "displayName": "Effect for policy: Public network access should be disabled for PostgreSQL servers",
3428
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3429
},
3430
"allowedValues": [
3431
"Audit",
3436
},
3437
"effect-12430be1-6cc8-4527-a9a8-e3d38f250096": {
3438
"type": "String",
3439
"metadata": {
3440
+ "displayName": "Effect for policy: Web Application Firewall (WAF) should use the specified mode for Application Gateway",
3441
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3442
},
3443
"allowedValues": [
3444
"Audit",
3461
},
3462
"effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835": {
3463
"type": "String",
3464
"metadata": {
3465
+ "displayName": "Effect for policy: Azure Defender for open-source relational databases should be enabled",
3466
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3467
},
3468
"allowedValues": [
3469
"AuditIfNotExists",
3473
},
3474
"effect-549814b6-3212-4203-bdc8-1548d342fb67": {
3475
"type": "String",
3476
"metadata": {
3477
+ "displayName": "Effect for policy: API Management minimum API version should be set to 2019-12-01 or higher",
3478
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3479
},
3480
"allowedValues": [
3481
"Audit",
3486
},
3487
"effect-1c06e275-d63d-4540-b761-71f364c2111d": {
3488
"type": "String",
3489
"metadata": {
3490
+ "displayName": "Effect for policy: Azure Service Bus namespaces should use private link",
3491
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3492
},
3493
"allowedValues": [
3494
"AuditIfNotExists",
3505
},
3506
"effect-d8cf8476-a2ec-4916-896e-992351803c44": {
3507
"type": "String",
3508
"metadata": {
3509
+ "displayName": "Effect for policy: Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation.",
3510
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3511
},
3512
"allowedValues": [
3513
"Audit",
3517
},
3518
"effect-245fc9df-fa96-4414-9a0b-3738c2f7341c": {
3519
"type": "String",
3520
"metadata": {
3521
+ "displayName": "Effect for policy: Resource logs in Azure Kubernetes Service should be enabled",
3522
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3523
},
3524
"allowedValues": [
3525
"AuditIfNotExists",
3537
},
3538
"effect-bf045164-79ba-4215-8f95-f8048dc1780b": {
3539
"type": "String",
3540
"metadata": {
3541
+ "displayName": "Effect for policy: Geo-redundant storage should be enabled for Storage Accounts",
3542
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3543
},
3544
"allowedValues": [
3545
"Audit",
3549
},
3550
"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8": {
3551
"type": "String",
3552
"metadata": {
3553
+ "displayName": "Effect for policy: Azure Machine Learning workspaces should be encrypted with a customer-managed key",
3554
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3555
},
3556
"allowedValues": [
3557
"Audit",
3562
},
3563
"effect-af99038c-02fd-4a2f-ac24-386b62bf32de": {
3564
"type": "String",
3565
"metadata": {
3566
+ "displayName": "Effect for policy: Machines should have ports closed that might expose attack vectors",
3567
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3568
},
3569
"allowedValues": [
3570
"AuditIfNotExists",
3574
},
3575
"effect-22730e10-96f6-4aac-ad84-9383d35b5917": {
3576
"type": "String",
3577
"metadata": {
3578
+ "displayName": "Effect for policy: Management ports should be closed on your virtual machines",
3579
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3580
},
3581
"allowedValues": [
3582
"AuditIfNotExists",
3586
},
3587
"effect-4b90e17e-8448-49db-875e-bd83fb6f804f": {
3588
"type": "String",
3589
"metadata": {
3590
+ "displayName": "Effect for policy: Azure Event Grid topics should use private link",
3591
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3592
},
3593
"allowedValues": [
3594
"Audit",
3598
},
3599
"effect-044985bb-afe1-42cd-8a36-9d5d42424537": {
3600
"type": "String",
3601
"metadata": {
3602
+ "displayName": "Effect for policy: Storage account keys should not be expired",
3603
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3604
},
3605
"allowedValues": [
3606
"Audit",
3611
},
3612
"effect-ea4d6841-2173-4317-9747-ff522a45120f": {
3613
"type": "String",
3614
"metadata": {
3615
+ "displayName": "Effect for policy: Key Vault should use a virtual network service endpoint",
3616
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3617
},
3618
"allowedValues": [
3619
"Audit",
3623
},
3624
"effect-9830b652-8523-49cc-b1b3-e17dce1127ca": {
3625
"type": "String",
3626
"metadata": {
3627
+ "displayName": "Effect for policy: Azure Event Grid domains should use private link",
3628
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3629
},
3630
"allowedValues": [
3631
"Audit",
3635
},
3636
"effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf": {
3637
"type": "String",
3638
"metadata": {
3639
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers",
3640
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3641
},
3642
"allowedValues": [
3643
"AuditIfNotExists",
3647
},
3648
"effect-abda6d70-9778-44e7-84a8-06713e6db027": {
3649
"type": "String",
3650
"metadata": {
3651
+ "displayName": "Effect for policy: Azure SQL Database should have Microsoft Entra-only authentication enabled during creation",
3652
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3653
},
3654
"allowedValues": [
3655
"Audit",
3660
},
3661
"effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff": {
3662
"type": "String",
3663
"metadata": {
3664
+ "displayName": "Effect for policy: Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
3665
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3666
},
3667
"allowedValues": [
3668
"AuditIfNotExists",
3672
},
3673
"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": {
3674
"type": "String",
3675
"metadata": {
3676
+ "displayName": "Effect for policy: Function apps should use latest 'HTTP Version'",
3677
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3678
},
3679
"allowedValues": [
3680
"AuditIfNotExists",
3684
},
3685
"effect-f39f5f49-4abf-44de-8c70-0756997bfb51": {
3686
"type": "String",
3687
"metadata": {
3688
+ "displayName": "Effect for policy: Disk access resources should use private link",
3689
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3690
},
3691
"allowedValues": [
3692
"AuditIfNotExists",
3714
},
3715
"effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
3716
"type": "String",
3717
"metadata": {
3718
+ "displayName": "[Deprecated]: Effect for policy: Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images",
3719
"description": "For more information about effects, visit https://aka.ms/policyeffects",
3720
"deprecated": true
3721
},
3722
"allowedValues": [
3747
},
3748
"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
3749
"type": "String",
3750
"metadata": {
3751
+ "displayName": "Effect for policy: Vulnerability assessment should be enabled on SQL Managed Instance",
3752
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3753
},
3754
"allowedValues": [
3755
"AuditIfNotExists",
3759
},
3760
"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": {
3761
"type": "String",
3762
"metadata": {
3763
+ "displayName": "[Deprecated]: Effect for policy: Vulnerabilities in security configuration on your machines should be remediated",
3764
"description": "For more information about effects, visit https://aka.ms/policyeffects",
3765
"deprecated": true
3766
},
3767
"allowedValues": [
3772
},
3773
"effect-0564d078-92f5-4f97-8398-b9f58a51f70b": {
3774
"type": "String",
3775
"metadata": {
3776
+ "displayName": "Effect for policy: Private endpoint should be enabled for PostgreSQL servers",
3777
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3778
},
3779
"allowedValues": [
3780
"AuditIfNotExists",
3784
},
3785
"effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957": {
3786
"type": "String",
3787
"metadata": {
3788
+ "displayName": "Effect for policy: Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
3789
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3790
},
3791
"allowedValues": [
3792
"AuditIfNotExists",
3796
},
3797
"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
3798
"type": "String",
3799
"metadata": {
3800
+ "displayName": "Effect for policy: Resource logs in Data Lake Analytics should be enabled",
3801
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3802
},
3803
"allowedValues": [
3804
"AuditIfNotExists",
3816
},
3817
"effect-6fac406b-40ca-413b-bf8e-0bf964659c25": {
3818
"type": "String",
3819
"metadata": {
3820
+ "displayName": "Effect for policy: Storage accounts should use customer-managed key for encryption",
3821
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3822
},
3823
"allowedValues": [
3824
"Audit",
3828
},
3829
"effect-0a1302fb-a631-4106-9753-f3d494733990": {
3830
"type": "String",
3831
"metadata": {
3832
+ "displayName": "Effect for policy: Private endpoint should be enabled for MariaDB servers",
3833
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3834
},
3835
"allowedValues": [
3836
"AuditIfNotExists",
3840
},
3841
"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab": {
3842
"type": "String",
3843
"metadata": {
3844
+ "displayName": "Effect for policy: Function apps should only be accessible over HTTPS",
3845
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3846
},
3847
"allowedValues": [
3848
"Audit",
3853
},
3854
"effect-b954148f-4c11-4c38-8221-be76711e194a": {
3855
"type": "String",
3856
"metadata": {
3857
+ "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations",
3858
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3859
},
3860
"allowedValues": [
3861
"AuditIfNotExists",
3884
},
3885
"effect-0fea8f8a-4169-495d-8307-30ec335f387d": {
3886
"type": "String",
3887
"metadata": {
3888
+ "displayName": "Effect for policy: CORS should not allow every domain to access your API for FHIR",
3889
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3890
},
3891
"allowedValues": [
3892
"Audit",
3896
},
3897
"effect-6edd7eda-6dd8-40f7-810d-67160c639cd9": {
3898
"type": "String",
3899
"metadata": {
3900
+ "displayName": "Effect for policy: Storage accounts should use private link",
3901
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3902
},
3903
"allowedValues": [
3904
"AuditIfNotExists",
3920
},
3921
"effect-bfecdea6-31c4-4045-ad42-71b9dc87247d": {
3922
"type": "String",
3923
"metadata": {
3924
+ "displayName": "Effect for policy: Storage account encryption scopes should use double encryption for data at rest",
3925
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3926
},
3927
"allowedValues": [
3928
"Audit",
3933
},
3934
"effect-7595c971-233d-4bcf-bd18-596129188c49": {
3935
"type": "String",
3936
"metadata": {
3937
+ "displayName": "Effect for policy: Private endpoint should be enabled for MySQL servers",
3938
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3939
},
3940
"allowedValues": [
3941
"AuditIfNotExists",
3945
},
3946
"effect-19dd1db6-f442-49cf-a838-b0786b4401ef": {
3947
"type": "String",
3948
"metadata": {
3949
+ "displayName": "Effect for policy: App Service apps should have Client Certificates (Incoming client certificates) enabled",
3950
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3951
},
3952
"allowedValues": [
3953
"AuditIfNotExists",
3957
},
3958
"effect-d9844e8a-1437-4aeb-a32c-0c992f056095": {
3959
"type": "String",
3960
"metadata": {
3961
+ "displayName": "Effect for policy: Public network access should be disabled for MySQL servers",
3962
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3963
},
3964
"allowedValues": [
3965
"Audit",
3970
},
3971
"effect-72d11df1-dd8a-41f7-8925-b05b960ebafc": {
3972
"type": "String",
3973
"metadata": {
3974
+ "displayName": "Effect for policy: Azure Synapse workspaces should use private link",
3975
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3976
},
3977
"allowedValues": [
3978
"Audit",
3982
},
3983
"effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9": {
3984
"type": "String",
3985
"metadata": {
3986
+ "displayName": "Effect for policy: Cosmos DB should use a virtual network service endpoint",
3987
"description": "For more information about effects, visit https://aka.ms/policyeffects"
3988
},
3989
"allowedValues": [
3990
"Audit",
4015
},
4016
"effect-ee984370-154a-4ee8-9726-19d900e56fc0": {
4017
"type": "String",
4018
"metadata": {
4019
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Accounts'",
4020
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4021
},
4022
"allowedValues": [
4023
"AuditIfNotExists",
4027
},
4028
"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9": {
4029
"type": "String",
4030
"metadata": {
4031
+ "displayName": "Effect for policy: App Service apps should not have CORS configured to allow every resource to access your apps",
4032
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4033
},
4034
"allowedValues": [
4035
"AuditIfNotExists",
4039
},
4040
"effect-1f90fc71-a595-4066-8974-d4d0802e8ef0": {
4041
"type": "String",
4042
"metadata": {
4043
+ "displayName": "Effect for policy: Microsoft Defender CSPM should be enabled",
4044
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4045
},
4046
"allowedValues": [
4047
"AuditIfNotExists",
4051
},
4052
"effect-f85bf3e0-d513-442e-89c3-1784ad63382b": {
4053
"type": "String",
4054
"metadata": {
4055
+ "displayName": "Effect for policy: System updates should be installed on your machines (powered by Update Center)",
4056
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4057
},
4058
"allowedValues": [
4059
"AuditIfNotExists",
4063
},
4064
"effect-78215662-041e-49ed-a9dd-5385911b3a1f": {
4065
"type": "String",
4066
"metadata": {
4067
+ "displayName": "Effect for policy: Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation",
4068
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4069
},
4070
"allowedValues": [
4071
"Audit",
4089
},
4090
"effect-da0f98fe-a24b-4ad5-af69-bd0400233661": {
4091
"type": "String",
4092
"metadata": {
4093
+ "displayName": "Effect for policy: Audit Windows machines that do not store passwords using reversible encryption",
4094
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4095
},
4096
"allowedValues": [
4097
"AuditIfNotExists",
4101
},
4102
"effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd": {
4103
"type": "String",
4104
"metadata": {
4105
+ "displayName": "Effect for policy: API Management should disable public network access to the service configuration endpoints",
4106
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4107
},
4108
"allowedValues": [
4109
"AuditIfNotExists",
4126
},
4127
"effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38": {
4128
"type": "String",
4129
"metadata": {
4130
+ "displayName": "Effect for policy: Microsoft Defender for Containers should be enabled",
4131
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4132
},
4133
"allowedValues": [
4134
"AuditIfNotExists",
4138
},
4139
"effect-d550e854-df1a-4de9-bf44-cd894b39a95e": {
4140
"type": "String",
4141
"metadata": {
4142
+ "displayName": "Effect for policy: Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace",
4143
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4144
},
4145
"allowedValues": [
4146
"Audit",
4151
},
4152
"effect-1dc2fc00-2245-4143-99f4-874c937f13ef": {
4153
"type": "String",
4154
"metadata": {
4155
+ "displayName": "Effect for policy: Azure API Management platform version should be stv2",
4156
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4157
},
4158
"allowedValues": [
4159
"Audit",
4164
},
4165
"effect-051cba44-2429-45b9-9649-46cec11c7119": {
4166
"type": "String",
4167
"metadata": {
4168
+ "displayName": "Effect for policy: Azure API for FHIR should use a customer-managed key to encrypt data at rest",
4169
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4170
},
4171
"allowedValues": [
4172
"Audit",
4176
},
4177
"effect-672fe5a1-2fcd-42d7-b85d-902b6e28c6ff": {
4178
"type": "String",
4179
"metadata": {
4180
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Linux virtual machines",
4181
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4182
},
4183
"allowedValues": [
4184
"AuditIfNotExists",
4188
},
4189
"effect-e71308d3-144b-4262-b144-efdc3cc90517": {
4190
"type": "String",
4191
"metadata": {
4192
+ "displayName": "Effect for policy: Subnets should be associated with a Network Security Group",
4193
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4194
},
4195
"allowedValues": [
4196
"AuditIfNotExists",
4200
},
4201
"effect-41425d9f-d1a5-499a-9932-f8ed8453932c": {
4202
"type": "String",
4203
"metadata": {
4204
+ "displayName": "Effect for policy: Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host",
4205
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4206
},
4207
"allowedValues": [
4208
"Audit",
4233
},
4234
"effect-5d4e3c65-4873-47be-94f3-6f8b953a3598": {
4235
"type": "String",
4236
"metadata": {
4237
+ "displayName": "Effect for policy: Azure Event Hub namespaces should have local authentication methods disabled",
4238
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4239
},
4240
"allowedValues": [
4241
"Audit",
4246
},
4247
"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a": {
4248
"type": "String",
4249
"metadata": {
4250
+ "displayName": "Effect for policy: Azure Batch account should use customer-managed keys to encrypt data",
4251
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4252
},
4253
"allowedValues": [
4254
"Audit",
4259
},
4260
"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87": {
4261
"type": "String",
4262
"metadata": {
4263
+ "displayName": "Effect for policy: Virtual machines and virtual machine scale sets should have encryption at host enabled",
4264
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4265
},
4266
"allowedValues": [
4267
"Audit",
4272
},
4273
"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": {
4274
"type": "String",
4275
"metadata": {
4276
+ "displayName": "Effect for policy: Web Application Firewall (WAF) should be enabled for Application Gateway",
4277
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4278
},
4279
"allowedValues": [
4280
"Audit",
4285
},
4286
"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": {
4287
"type": "String",
4288
"metadata": {
4289
+ "displayName": "Effect for policy: An Azure Active Directory administrator should be provisioned for SQL servers",
4290
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4291
},
4292
"allowedValues": [
4293
"AuditIfNotExists",
4297
},
4298
"effect-c3d20c29-b36d-48fe-808b-99a87530ad99": {
4299
"type": "String",
4300
"metadata": {
4301
+ "displayName": "Effect for policy: Azure Defender for Resource Manager should be enabled",
4302
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4303
},
4304
"allowedValues": [
4305
"AuditIfNotExists",
4309
},
4310
"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
4311
"type": "String",
4312
"metadata": {
4313
+ "displayName": "Effect for policy: Resource logs in Azure Stream Analytics should be enabled",
4314
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4315
},
4316
"allowedValues": [
4317
"AuditIfNotExists",
4329
},
4330
"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
4331
"type": "String",
4332
"metadata": {
4333
+ "displayName": "Effect for policy: Resource logs in Service Bus should be enabled",
4334
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4335
},
4336
"allowedValues": [
4337
"AuditIfNotExists",
4349
},
4350
"effect-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
4351
"type": "String",
4352
"metadata": {
4353
+ "displayName": "Effect for policy: Network Watcher should be enabled",
4354
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4355
},
4356
"allowedValues": [
4357
"AuditIfNotExists",
4379
},
4380
"effect-013e242c-8828-4970-87b3-ab247555486d": {
4381
"type": "String",
4382
"metadata": {
4383
+ "displayName": "Effect for policy: Azure Backup should be enabled for Virtual Machines",
4384
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4385
},
4386
"allowedValues": [
4387
"AuditIfNotExists",
4391
},
4392
"effect-6c53d030-cc64-46f0-906d-2bc061cd1334": {
4393
"type": "String",
4394
"metadata": {
4395
+ "displayName": "Effect for policy: Log Analytics workspaces should block log ingestion and querying from public networks",
4396
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4397
},
4398
"allowedValues": [
4399
"Audit",
4404
},
4405
"effect-8405fdab-1faf-48aa-b702-999c9c172094": {
4406
"type": "String",
4407
"metadata": {
4408
+ "displayName": "Effect for policy: Managed disks should disable public network access",
4409
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4410
},
4411
"allowedValues": [
4412
"Audit",
4416
},
4417
"effect-fc5e4038-4584-4632-8c85-c0448d374b2c": {
4418
"type": "String",
4419
"metadata": {
4420
+ "displayName": "Effect for policy: All Internet traffic should be routed via your deployed Azure Firewall",
4421
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4422
},
4423
"allowedValues": [
4424
"AuditIfNotExists",
4428
},
4429
"effect-2154edb9-244f-4741-9970-660785bccdaa": {
4430
"type": "String",
4431
"metadata": {
4432
+ "displayName": "Effect for policy: VM Image Builder templates should use private link",
4433
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4434
},
4435
"allowedValues": [
4436
"Audit",
4453
},
4454
"effect-a6abeaec-4d90-4a02-805f-6b26c4d3fbe9": {
4455
"type": "String",
4456
"metadata": {
4457
+ "displayName": "Effect for policy: Azure Key Vaults should use private link",
4458
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4459
},
4460
"allowedValues": [
4461
"Audit",
4466
},
4467
"effect-b5ec538c-daa0-4006-8596-35468b9148e8": {
4468
"type": "String",
4469
"metadata": {
4470
+ "displayName": "Effect for policy: Storage account encryption scopes should use customer-managed keys to encrypt data at rest",
4471
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4472
},
4473
"allowedValues": [
4474
"Audit",
4479
},
4480
"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3": {
4481
"type": "String",
4482
"metadata": {
4483
+ "displayName": "Effect for policy: Azure AI Services resources should restrict network access",
4484
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4485
},
4486
"allowedValues": [
4487
"Audit",
4492
},
4493
"effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7": {
4494
"type": "String",
4495
"metadata": {
4496
+ "displayName": "Effect for policy: VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users",
4497
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4498
},
4499
"allowedValues": [
4500
"Audit",
4505
},
4506
"effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d": {
4507
"type": "String",
4508
"metadata": {
4509
+ "displayName": "Effect for policy: SQL servers on machines should have vulnerability findings resolved",
4510
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4511
},
4512
"allowedValues": [
4513
"AuditIfNotExists",
4517
},
4518
"effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8": {
4519
"type": "String",
4520
"metadata": {
4521
+ "displayName": "Effect for policy: Application Insights components should block log ingestion and querying from public networks",
4522
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4523
},
4524
"allowedValues": [
4525
"Audit",
4552
},
4553
"effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2": {
4554
"type": "String",
4555
"metadata": {
4556
+ "displayName": "Effect for policy: Audit Windows machines that do not restrict the minimum password length to specified number of characters",
4557
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4558
},
4559
"allowedValues": [
4560
"AuditIfNotExists",
4586
},
4587
"effect-237b38db-ca4d-4259-9e47-7882441ca2c0": {
4588
"type": "String",
4589
"metadata": {
4590
+ "displayName": "Effect for policy: Audit Windows machines that do not have the minimum password age set to specified number of days",
4591
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4592
},
4593
"allowedValues": [
4594
"AuditIfNotExists",
4606
},
4607
"effect-0a075868-4c26-42ef-914c-5bc007359560": {
4608
"type": "String",
4609
"metadata": {
4610
+ "displayName": "Effect for policy: Certificates should have the specified maximum validity period",
4611
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4612
},
4613
"allowedValues": [
4614
"Audit",
4619
},
4620
"effect-56fd377d-098c-4f02-8406-81eb055902b8": {
4621
"type": "String",
4622
"metadata": {
4623
+ "displayName": "Effect for policy: IP firewall rules on Azure Synapse workspaces should be removed",
4624
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4625
},
4626
"allowedValues": [
4627
"Audit",
4631
},
4632
"effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d": {
4633
"type": "String",
4634
"metadata": {
4635
+ "displayName": "Effect for policy: Network traffic data collection agent should be installed on Windows virtual machines",
4636
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4637
},
4638
"allowedValues": [
4639
"AuditIfNotExists",
4659
},
4660
"effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
4661
"type": "String",
4662
"metadata": {
4663
+ "displayName": "Effect for policy: Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images",
4664
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4665
},
4666
"allowedValues": [
4667
"AuditIfNotExists",
4671
},
4672
"effect-deeddb44-9f94-4903-9fa0-081d524406e3": {
4673
"type": "String",
4674
"metadata": {
4675
+ "displayName": "Effect for policy: Azure Recovery Services vaults should use private link for backup",
4676
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4677
},
4678
"allowedValues": [
4679
"Audit",
4683
},
4684
"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": {
4685
"type": "String",
4686
"metadata": {
4687
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected SQL Managed Instances",
4688
"description": "For more information about effects, visit https://aka.ms/policyeffects"
4689
},
4690
"allowedValues": [
4691
"AuditIfNotExists",
4695
},
4696
"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": {
4697
"type": "String",
4698
"metadata": {
4699
+ "displayName": "Effect for policy: A vulnerability assessment solution should be enabled on your virtual machines",
4700
"description": "For more information about effects, visit https://aka.ms/policyeffects"
displayName: "Double encryption should be enabled on Recovery Services vaults for Backup",
description: "Check if double encryption is enabled on Recovery Services vaults for Backup. For more details refer to https://aka.ms/AB-InfraEncryption."
description: "The list of excluded API kinds for customer-managed key, default is the list of API kinds that don't have data stored in Cognitive Services"
displayName: "Effect for policy: Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys",
description: "For more information about effects, visit https://aka.ms/policyeffects"
displayName: "Status if Windows Defender is not available on machine",
description: "Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' shows machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) as non-compliant. Setting this value to 'Compliant' shows these machines as compliant."
description: "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it.",
description: "Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"
description: "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')"
description: "Resource Id of the virtual network gateway. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"
description: "Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated."
description: "Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range."
displayName: "Password must meet complexity requirements",
description: "Specifies whether a user account password must be complex. If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."
description: "The Enforce password history setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.",
description: "A semicolon-separated list of certificate thumbprints that should exist under the Trusted Root certificate store (Cert:\LocalMachine\Root). e.g. THUMBPRINT1;THUMBPRINT2;THUMBPRINT3"
description: "The resource ID of the virtual network subnet that should have a rule enabled. Example: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet"
displayName: "Effect for policy: Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation.",
description: "For more information about effects, visit https://aka.ms/policyeffects"
displayName: "Effect for policy: Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
description: "For more information about effects, visit https://aka.ms/policyeffects"
displayName: "[Deprecated]: Effect for policy: Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images",
description: "For more information about effects, visit https://aka.ms/policyeffects",
displayName: "Effect for policy: Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
description: "For more information about effects, visit https://aka.ms/policyeffects"
displayName: "NetworkWatcher resource group name",
description: "Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers are located."