last sync: 2025-Aug-12 17:22:34 UTC

EU General Data Protection Regulation (GDPR) 2016/679

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameEU General Data Protection Regulation (GDPR) 2016/679
Id7326812a-86a4-40c8-af7c-8945de9c4913
Version1.4.0
Details on versioning
Versioning Versions supported for Versioning: 6
1.4.0
1.3.1
1.3.0
1.2.0
1.1.0
1.0.0
Built-in Versioning [Preview]
CategoryRegulatory Compliance
Microsoft Learn
DescriptionComprehensive data protection law regulating personal data processing within the EU.
Cloud environmentsAzureCloud = true
AzureChinaCloud = unknown
AzureUSGovernment = unknown
Available in AzUSGovUnknown, no evidence if PolicySet definition is/not available in AzureUSGovernment
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 300
Builtin Policies: 300
Static Policies: 0
GA: 280
Preview: 20
41 categories:
API for FHIR: 3
API Management: 4
App Configuration: 3
App Platform: 1
App Service: 20
Automation: 2
Azure Ai Services: 3
Azure Data Explorer: 3
Azure Stack Edge: 1
Azure Update Manager: 1
Backup: 3
Batch: 3
Cache: 2
Cognitive Services: 2
Compute: 12
Container Instance: 2
Container Registry: 4
Cosmos DB: 5
Data Lake: 2
Event Grid: 2
Event Hub: 5
General: 2
Guest Configuration: 30
Internet of Things: 3
Key Vault: 14
Kubernetes: 7
Logic Apps: 1
Machine Learning: 7
Monitoring: 20
Network: 18
Security Center: 42
Service Bus: 4
Service Fabric: 2
SignalR: 1
Site Recovery: 1
SQL: 39
Storage: 17
Stream Analytics: 2
Synapse: 5
VM Image Builder: 1
Web PubSub: 1
Policy-used
Rows: 1-10 / 300
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 30
Policy DisplayName Policy Id Category Version Versioning Effect Roles# Roles State policy in AzUSGov
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c Network 3.0.0-preview 1x
3.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview unknown
[Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed 8dfab9c4-fe7b-49ad-85e4-1e9be085358f Kubernetes 6.0.0-preview 1x
6.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled fa498b91-8a7e-4710-9578-da944c68d1fe SQL 1.0.0-preview 1x
1.0.0-preview
Default
Audit
Allowed
Audit, Disabled
0 Preview true
[Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data 2e94d99a-8a36-4563-bc77-810d8893b671 Backup 1.0.0-preview 1x
1.0.0-preview
Default
Audit
Allowed
Audit, Deny, Disabled
0 Preview true
[Preview]: Azure Recovery Services vaults should use private link for backup deeddb44-9f94-4903-9fa0-081d524406e3 Backup 2.0.0-preview 1x
2.0.0-preview
Default
Audit
Allowed
Audit, Disabled
0 Preview unknown
[Preview]: Container Registry should use a virtual network service endpoint c4857be7-912a-4c75-87e6-e30292bcdf78 Network 1.0.0-preview 1x
1.0.0-preview
Default
Audit
Allowed
Audit, Disabled
0 Preview true
[Preview]: Guest Attestation extension should be installed on supported Linux virtual machines 672fe5a1-2fcd-42d7-b85d-902b6e28c6ff Security Center 6.0.0-preview 1x
6.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets a21f8c92-9e22-4f09-b759-50500d1d2dda Security Center 5.1.0-preview 1x
5.1.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines 1cb4d9c2-f88f-4069-bee0-dba239a57b09 Security Center 4.0.0-preview 1x
4.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets f655e522-adff-494d-95c2-52d4f6d56a42 Security Center 3.1.0-preview 1x
3.1.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) 47031206-ce96-41f8-861b-6a915f3de284 Internet of Things 1.0.0-preview 1x
1.0.0-preview
Default
Audit
Allowed
Audit, Deny, Disabled
0 Preview true
[Preview]: Linux virtual machines should use only signed and trusted boot components 13a6c84f-49a5-410a-b5df-5b880c3fe009 Security Center 1.0.0-preview 1x
1.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview unknown
[Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines 842c54e8-c2f9-4d79-ae8d-38d8b8019373 Monitoring 1.0.1-preview 1x
1.0.1-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview unknown
[Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e Monitoring 1.0.1-preview 1x
1.0.1-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview unknown
[Preview]: Machines should have ports closed that might expose attack vectors af99038c-02fd-4a2f-ac24-386b62bf32de Security Center 1.0.0-preview 1x
1.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview unknown
[Preview]: Network traffic data collection agent should be installed on Linux virtual machines 04c4380f-3fae-46e8-96c9-30193528f602 Monitoring 1.0.2-preview 1x
1.0.2-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: Network traffic data collection agent should be installed on Windows virtual machines 2f2ee1de-44aa-4762-b6bd-0893fc3f306d Monitoring 1.0.2-preview 1x
1.0.2-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview true
[Preview]: Recovery Services vaults should use private link 11e3da8c-1d68-4392-badd-0ff3c43ab5b0 Site Recovery 1.0.0-preview 1x
1.0.0-preview
Default
Audit
Allowed
Audit, Disabled
0 Preview unknown
[Preview]: Secure Boot should be enabled on supported Windows virtual machines 97566dd7-78ae-4997-8b36-1c7bfe0d8121 Security Center 4.0.0-preview 1x
4.0.0-preview
Default
Audit
Allowed
Audit, Disabled
0 Preview true
[Preview]: vTPM should be enabled on supported virtual machines 1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 Security Center 2.0.0-preview 1x
2.0.0-preview
Default
Audit
Allowed
Audit, Disabled
0 Preview true
A Microsoft Entra administrator should be provisioned for MySQL servers 146412e9-005c-472b-9e48-c87b72ac229e SQL 1.1.1 2x
1.1.1, 1.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
A Microsoft Entra administrator should be provisioned for PostgreSQL servers b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 SQL 1.0.1 2x
1.0.1, 1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace a1817ec0-a368-432a-8057-8371e17ac6ee Service Bus 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
An activity log alert should exist for specific Administrative operations b954148f-4c11-4c38-8221-be76711e194a Monitoring 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
An activity log alert should exist for specific Policy operations c5447c04-a4d7-4ba8-a263-c9ee321a6858 Monitoring 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
An activity log alert should exist for specific Security operations 3b980d31-7904-4bb7-8575-5665739a8052 Monitoring 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
API endpoints in Azure API Management should be authenticated 8ac833bd-f505-48d5-887e-c993a1d3eea0 Security Center 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
API Management minimum API version should be set to 2019-12-01 or higher 549814b6-3212-4203-bdc8-1548d342fb67 API Management 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
API Management services should use a virtual network ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
API Management should disable public network access to the service configuration endpoints df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
App Configuration should disable public network access 3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
App Configuration should use a customer-managed key 967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
App Configuration should use private link ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should have authentication enabled 95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service 2.0.1 1x
2.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should have Client Certificates (Incoming client certificates) enabled 19dd1db6-f442-49cf-a838-b0786b4401ef App Service 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should have remote debugging turned off cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should have resource logs enabled 91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service 2.0.1 1x
2.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should not have CORS configured to allow every resource to access your apps 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service 4.0.0 1x
4.0.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA true
App Service apps should require FTPS only 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should use a virtual network service endpoint 2d21331d-a4c2-4def-a9ad-ee4e1e023beb Network 2.0.1 1x
2.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should use latest 'HTTP Version' 8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service 4.0.0 1x
4.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should use managed identity 2b9ad585-36bc-4615-b300-fd4435808332 App Service 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service apps should use the latest TLS version f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service 2.1.0 2x
2.1.0, 2.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
App Service Environment should have internal encryption enabled fb74e86f-d351-4b8d-b034-93da7391c01f App Service 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Application Insights components should block log ingestion and querying from public networks 1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Monitoring 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA unknown
Audit diagnostic setting for selected resource types 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring 2.0.1 1x
2.0.1
Fixed
AuditIfNotExists
0 GA true
Audit flow logs configuration for every virtual network 4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Network 1.0.1 2x
1.0.1, 1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA unknown
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration 3.1.0 2x
3.1.0, 3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit resource location matches resource group location 0a914e76-4921-4c19-b460-a2d36003525a General 2.0.0 1x
2.0.0
Fixed
audit
0 GA unknown
Audit usage of custom RBAC roles a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Audit virtual machines without disaster recovery configured 0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Compute 1.0.0 1x
1.0.0
Fixed
auditIfNotExists
0 GA true
Audit VMs that do not use managed disks 06a78e20-9358-41c9-923c-fb736d382a4d Compute 1.0.0 1x
1.0.0
Fixed
audit
0 GA true
Audit Windows machines missing any of specified members in the Administrators group 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Guest Configuration 2.0.0 1x
2.0.0
Fixed
auditIfNotExists
0 GA true
Audit Windows machines on which the Log Analytics agent is not connected as expected 6265018c-d7e2-432f-a75d-094d5f6f4465 Guest Configuration 2.0.0 1x
2.0.0
Fixed
auditIfNotExists
0 GA true
Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not contain the specified certificates in Trusted Root 934345e1-4dfb-4c70-90d7-41990dc9608b Guest Configuration 3.0.0 1x
3.0.0
Fixed
auditIfNotExists
0 GA true
Audit Windows machines that do not have the maximum password age set to specified number of days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not have the minimum password age set to specified number of days 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not restrict the minimum password length to specified number of characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration 2.1.0 1x
2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Audit Windows machines that don't have the specified applications installed ebb67efd-3c46-49b0-adfe-5599eb944998 Guest Configuration 2.0.0 1x
2.0.0
Fixed
auditIfNotExists
0 GA true
Audit Windows machines that have extra accounts in the Administrators group 3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Guest Configuration 2.0.0 1x
2.0.0
Fixed
auditIfNotExists
0 GA true
Audit Windows machines that have the specified members in the Administrators group 69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Guest Configuration 2.0.0 1x
2.0.0
Fixed
auditIfNotExists
0 GA true
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Authentication to Linux machines should require SSH keys 630c64f9-8b6b-4c64-b511-6544ceff6fd6 Guest Configuration 3.2.0 2x
3.2.0, 3.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Authorization rules on the Event Hub instance should be defined f4826e5f-6a27-407c-ae3e-9582eb39891d Event Hub 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Authorized IP ranges should be defined on Kubernetes Services 0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Security Center 2.0.1 1x
2.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) 67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services 2.2.0 2x
2.2.0, 2.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure AI Services resources should have key access disabled (disable local authentication) 71ef260a-8f18-47b7-abcb-62d0673d94dc Azure Ai Services 1.1.0 2x
1.1.0, 1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure AI Services resources should restrict network access 037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure Ai Services 3.3.0 4x
3.3.0, 3.2.0, 3.1.0, 3.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure AI Services resources should use Azure Private Link d6759c02-b87f-42b7-892e-71b3f471d782 Azure Ai Services 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure API for FHIR should use a customer-managed key to encrypt data at rest 051cba44-2429-45b9-9649-46cec11c7119 API for FHIR 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, disabled, Disabled
0 GA unknown
Azure API for FHIR should use private link 1ee56206-5dd1-42ab-b02d-8aae8b1634ce API for FHIR 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA unknown
Azure API Management platform version should be stv2 1dc2fc00-2245-4143-99f4-874c937f13ef API Management 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed 6b2122c1-8120-4ff5-801b-17625a355590 Kubernetes 1.1.0 1x
1.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Automation accounts should use customer-managed keys to encrypt data at rest 56a5ee18-2ae6-4810-86f7-18e39ce5629b Automation 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Batch account should use customer-managed keys to encrypt data 99e9ccd8-3db9-4592-b0d1-14b1715a4d8a Batch 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Cache for Redis should use private link 7803067c-7d34-46e3-8c79-0ca68fc4036d Cache 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Container Instance container group should deploy into a virtual network 8af8f826-edcb-4178-b35f-851ea6fea615 Container Instance 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA unknown
Azure Container Instance container group should use customer-managed key for encryption 0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Container Instance 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA true
Azure Cosmos DB accounts should have firewall rules 862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Cosmos DB 2.1.0 2x
2.1.0, 2.0.0
Default
Deny
Allowed
Audit, Deny, Disabled
0 GA true
Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest 1f905d99-2ab7-462c-a6b0-f709acca6c8f Cosmos DB 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA true
Azure Cosmos DB should disable public network access 797b37f7-06b8-444c-b1ad-fc62867f335a Cosmos DB 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Data Explorer encryption at rest should use a customer-managed key 81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Defender for App Service should be enabled 2913021d-f2fd-4f3d-b958-22354e2bdbcb Security Center 1.0.3 1x
1.0.3
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Azure Defender for Azure SQL Database servers should be enabled 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Security Center 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Defender for Key Vault should be enabled 0e6763cc-5078-4e64-889d-ff4d9a839047 Security Center 1.0.3 1x
1.0.3
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Azure Defender for open-source relational databases should be enabled 0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Azure Defender for Resource Manager should be enabled c3d20c29-b36d-48fe-808b-99a87530ad99 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Defender for servers should be enabled 4da35fc9-c9e7-4960-aec9-797fe7d9051d Security Center 1.0.3 1x
1.0.3
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Defender for SQL servers on machines should be enabled 6581d072-105e-4418-827f-bd446d56421b Security Center 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Azure Defender for SQL should be enabled for unprotected Azure SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL 2.0.1 1x
2.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Defender for SQL should be enabled for unprotected MySQL flexible servers 3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers d38668f5-d155-42c7-ab3d-9b57b50f8fbf Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Defender for SQL should be enabled for unprotected SQL Managed Instances abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 SQL 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Event Grid domains should use private link 9830b652-8523-49cc-b1b3-e17dce1127ca Event Grid 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure Event Grid topics should use private link 4b90e17e-8448-49db-875e-bd83fb6f804f Event Grid 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure Event Hub namespaces should have local authentication methods disabled 5d4e3c65-4873-47be-94f3-6f8b953a3598 Event Hub 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Azure File Sync should use private link 1d320205-c6a1-4ac6-873d-46224024e8e2 Storage 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Key Vault Managed HSM should have purge protection enabled c39ba22d-4428-4149-b981-70acb31fc383 Key Vault 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Azure Key Vault should use RBAC permission model 12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Key Vault 1.0.1 2x
1.0.1, 1.0.0-preview
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Azure Key Vaults should use private link a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Key Vault 1.2.1 1x
1.2.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Kubernetes Service clusters should have Defender profile enabled a1840de2-8088-4ea8-b153-b4c723e9cb01 Kubernetes 2.0.1 1x
2.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure Machine Learning compute instances should be recreated to get the latest software updates f110a506-2dcb-422e-bcea-d533fc8c35e2 Machine Learning 1.0.3 1x
1.0.3
Fixed
[parameters('effects')]
0 GA true
Azure Machine Learning Computes should be in a virtual network 7804b5c7-01dc-4723-969b-ae300cc07ff1 Machine Learning 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure Machine Learning Computes should have local authentication methods disabled e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Machine Learning 2.1.0 2x
2.1.0, 2.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Machine Learning workspaces should be encrypted with a customer-managed key ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Machine Learning 1.1.0 2x
1.1.0, 1.0.3
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Machine Learning Workspaces should disable public network access 438c38d2-3772-465a-a9cc-7a6666a275ce Machine Learning 2.0.1 1x
2.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Machine Learning workspaces should use private link 45e05259-1eb5-4f70-9574-baf73e9d219b Machine Learning 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' 1a4e592a-6a6e-44a5-9814-e36264ca96e7 Monitoring 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace d550e854-df1a-4de9-bf44-cd894b39a95e Monitoring 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA unknown
Azure Monitor should collect activity logs from all regions 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Monitoring 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Monitor solution 'Security and Audit' must be deployed 3e596b57-105f-48a6-be97-03e9243bad6e Monitoring 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled 40e85574-ef33-47e8-a854-7a65c7500560 SQL 1.0.1 2x
1.0.1, 1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters 0a15ec92-a229-4763-bb14-0ea34a568f8d Kubernetes 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) 090c7b07-b4ed-4561-ad20-e9075f3ccaff Security Center 1.0.1 2x
1.0.1, 1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) 17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Security Center 1.0.1 2x
1.0.1, 1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Service Bus namespaces should use private link 1c06e275-d63d-4540-b761-71f364c2111d Service Bus 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure SignalR Service should use private link 2393d2cf-a342-44cd-a2e2-fe0188fd1234 SignalR 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure Spring Cloud should use network injection af35e2a4-ef96-44e7-a9ae-853dd97032c4 App Platform 1.2.0 1x
1.2.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA unknown
Azure SQL Database should be running TLS version 1.2 or newer 32e6bbec-16b6-44c2-be37-c5b672d103cf SQL 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA true
Azure SQL Database should have Microsoft Entra-only authentication enabled during creation abda6d70-9778-44e7-84a8-06713e6db027 SQL 1.2.0 2x
1.2.0, 1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure SQL Managed Instances should disable public network access 9dfea752-dd46-4766-aed1-c355fa93fb91 SQL 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation 78215662-041e-49ed-a9dd-5385911b3a1f SQL 1.2.0 2x
1.2.0, 1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Stack Edge devices should use double-encryption b4ac1030-89c5-4697-8e00-28b5ba6a8811 Azure Stack Edge 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA true
Azure Stream Analytics jobs should use customer-managed keys to encrypt data 87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Stream Analytics 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA true
Azure subscriptions should have a log profile for Activity Log 7796937f-307b-4598-941c-67d3a05ebfe7 Monitoring 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Azure Synapse workspaces should use customer-managed keys to encrypt data at rest f7d52b2d-e161-4dfa-a82b-55e564167385 Synapse 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Synapse workspaces should use private link 72d11df1-dd8a-41f7-8925-b05b960ebafc Synapse 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Azure VPN gateways should not use 'basic' SKU e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA unknown
Azure Web Application Firewall should be enabled for Azure Front Door entry-points 055aa869-bc98-4af8-bafc-23f1ab6ffe2c Network 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Azure Web PubSub Service should use private link eb907f70-7514-460d-92b3-a5ae93b4f917 Web PubSub 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA unknown
Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Kubernetes 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Certificates should have the specified maximum validity period 0a075868-4c26-42ef-914c-5bc007359560 Key Vault 2.2.1 2x
2.2.1, 2.2.0-preview
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA true
Cognitive Services accounts should use customer owned storage 46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Container registries should be encrypted with a customer-managed key 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container Registry 1.1.2 1x
1.1.2
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Container registries should not allow unrestricted network access d0793b48-0edc-4296-a390-4c75d1bdfd71 Container Registry 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Container registries should use private link e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container Registry 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
CORS should not allow every domain to access your API for FHIR 0fea8f8a-4169-495d-8307-30ec335f387d API for FHIR 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, disabled, Disabled
0 GA unknown
Cosmos DB database accounts should have local authentication methods disabled 5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Cosmos DB should use a virtual network service endpoint e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
CosmosDB accounts should use private link 58440f8a-10c5-4151-bdce-dfbaad4a20b7 Cosmos DB 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Dependency agent should be enabled for listed virtual machine images 11ac78e3-31bc-4f0c-8434-37ab963cea07 Monitoring 2.1.0 2x
2.1.0, 2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Monitoring 2.1.0 2x
2.1.0, 2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Disk access resources should use private link f39f5f49-4abf-44de-8c70-0756997bfb51 Compute 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Disk encryption should be enabled on Azure Data Explorer f4b53539-8df9-40e4-86c6-6b607703bd4e Azure Data Explorer 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Double encryption should be enabled on Azure Data Explorer ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Azure Data Explorer 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Email notification for high severity alerts should be enabled 6e2593d9-add6-4083-9c9b-4b7d2188c899 Security Center 1.2.0 3x
1.2.0, 1.1.0, 1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Email notification to subscription owner for high severity alerts should be enabled 0b15565f-aa9e-48ba-8619-45960f2c314d Security Center 2.1.0 2x
2.1.0, 2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d SQL 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af SQL 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Event Hub namespaces should use a customer-managed key for encryption a1ad735a-e96f-45d2-a7b2-9a4932cab7ec Event Hub 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Event Hub namespaces should use private link b8564268-eb4a-4337-89be-a19db070c59d Event Hub 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Event Hub should use a virtual network service endpoint d63edb4a-c612-454d-b47d-191a724fcbf0 Network 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Flow logs should be configured for every network security group c251913d-7d24-4958-af87-478ed3b9ba41 Network 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Function apps should have authentication enabled c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 App Service 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should have Client Certificates (Incoming client certificates) enabled ab6a902f-9493-453b-928d-62c30b11b5a6 App Service 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should have remote debugging turned off 0e60b895-3786-45da-8377-9c6b4b6ac5f9 App Service 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should not have CORS configured to allow every resource to access your apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5 App Service 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service 5.0.0 1x
5.0.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA true
Function apps should require FTPS only 399b2637-a50f-4f95-96f8-3a145476eb15 App Service 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should use latest 'HTTP Version' e2c1c086-2d84-4019-bff3-c44ccd95113c App Service 4.0.0 1x
4.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should use managed identity 0da106f2-4ca3-48e8-bc85-c638fe6aea8f App Service 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Function apps should use the latest TLS version f9d614c5-c173-4d56-95a7-b4437057d193 App Service 2.1.0 2x
2.1.0, 2.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0 SQL 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970 SQL 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430 SQL 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
Geo-redundant storage should be enabled for Storage Accounts bf045164-79ba-4215-8f95-f8048dc1780b Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Guest Configuration extension should be installed on your machines ae89ebca-1c92-4898-ac2c-9f63decb045c Security Center 1.0.3 1x
1.0.3
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
HPC Cache accounts should use customer-managed key for encryption 970f84d8-71b6-4091-9979-ace7e3fb6dbb Storage 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA unknown
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Security Center 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
IoT Hub device provisioning service instances should use private link df39c015-56a4-45de-b4a3-efe77bed320d Internet of Things 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
IP firewall rules on Azure Synapse workspaces should be removed 56fd377d-098c-4f02-8406-81eb055902b8 Synapse 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA unknown
Key Vault keys should have an expiration date 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Key Vault secrets should have an expiration date 98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Key Vault should use a virtual network service endpoint ea4d6841-2173-4317-9747-ff522a45120f Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Key vaults should have deletion protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault 2.1.0 1x
2.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Key vaults should have soft delete enabled 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key Vault 3.0.0 1x
3.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Keys should be the specified cryptographic type RSA or EC 75c4f823-d65c-4f29-a733-01d0077fdbcb Key Vault 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. d8cf8476-a2ec-4916-896e-992351803c44 Key Vault 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA unknown
Keys using elliptic curve cryptography should have the specified curve names ff25f3c8-b739-4538-9d07-3d6d25cfb255 Key Vault 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Keys using RSA cryptography should have a specified minimum key size 82067dbb-e53b-4e06-b631-546d197452d9 Key Vault 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version fb893a29-21bb-418c-a157-e99480ec364c Security Center 1.0.2 1x
1.0.2
Default
Audit
Allowed
Audit, Disabled
0 GA true
Linux machines should meet requirements for the Azure compute security baseline fc9b3da7-8347-4380-8e70-0a0361d8dedd Guest Configuration 2.2.0 2x
2.2.0, 2.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. ca88aadc-6e2b-416c-9de2-5a0f01d1693f Guest Configuration 1.2.1 3x
1.2.1, 1.2.0-preview, 1.1.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Log Analytics workspaces should block log ingestion and querying from public networks 6c53d030-cc64-46f0-906d-2bc061cd1334 Monitoring 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA unknown
Log Analytics Workspaces should block non-Azure Active Directory based ingestion. e15effd4-2278-4c65-a0da-4d6f6d1890e2 Monitoring 1.0.0 1x
1.0.0
Default
Audit
Allowed
Deny, Audit, Disabled
0 GA unknown
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570 SQL 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Machines should be configured to periodically check for missing system updates bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Azure Update Manager 3.8.0 5x
3.8.0, 3.7.0, 3.6.0, 3.5.0, 3.4.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Machines should have secret findings resolved 3ac7c827-eea2-4bde-acc7-9568cd320efa Security Center 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Managed disks should be double encrypted with both platform-managed and customer-managed keys ca91455f-eace-4f96-be59-e6e2c35b4816 Compute 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Managed disks should disable public network access 8405fdab-1faf-48aa-b702-999c9c172094 Compute 2.1.0 2x
2.1.0, 2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption d461a302-a187-421a-89ac-84acdb4edc04 Compute 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917 Security Center 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Microsoft Antimalware for Azure should be configured to automatically update protection signatures c43e4a30-77cb-48ab-a4dd-93f175c63b57 Compute 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Microsoft Defender CSPM should be enabled 1f90fc71-a595-4066-8974-d4d0802e8ef0 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Microsoft Defender for APIs should be enabled 7926a6d1-b268-4586-8197-e8ae90c877d7 Security Center 1.0.3 1x
1.0.3
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Microsoft Defender for Azure Cosmos DB should be enabled adbe85b5-83e6-4350-ab58-bf3a4f736e5e Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Microsoft Defender for Containers should be enabled 1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces d31e5c31-63b2-4f12-887b-e49456834fa1 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Microsoft Defender for Storage should be enabled 640d2586-54d2-465f-877f-9ffc1d2109f4 Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Microsoft IaaSAntimalware extension should be deployed on Windows servers 9b597639-28e4-48eb-b506-56b05d366257 Compute 1.1.0 1x
1.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
MySQL servers should use customer-managed keys to encrypt data at rest 83cef61d-dbd1-4b20-a4fc-5fbc7da10833 SQL 1.0.4 1x
1.0.4
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Only approved VM extensions should be installed c0e996f8-39cf-4af9-9f45-83fbde810432 Compute 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
OS and data disks should be encrypted with a customer-managed key 702dd420-7fcc-42c5-afe8-4026edd20fe0 Compute 3.0.0 1x
3.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
PostgreSQL servers should use customer-managed keys to encrypt data at rest 18adea5e-f416-4d0f-8aa8-d24321e3e274 SQL 1.0.4 1x
1.0.4
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Private endpoint connections on Azure SQL Database should be enabled 7698e800-9299-47a6-b3b6-5a0fee576eed SQL 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Private endpoint connections on Batch accounts should be enabled 009a0c92-f5b4-4776-9b66-4ed2b4775563 Batch 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Private endpoint should be enabled for MariaDB servers 0a1302fb-a631-4106-9753-f3d494733990 SQL 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Private endpoint should be enabled for MySQL servers 7595c971-233d-4bcf-bd18-596129188c49 SQL 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Private endpoint should be enabled for PostgreSQL servers 0564d078-92f5-4f97-8398-b9f58a51f70b SQL 1.0.2 1x
1.0.2
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Public network access on Azure SQL Database should be disabled 1b8ca024-1d5c-4dec-8995-b1a932b41780 SQL 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Public network access should be disabled for Container registries 0fdf0491-d080-4575-b627-ad0e843cba0f Container Registry 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Public network access should be disabled for MariaDB servers fdccbe47-f3e3-4213-ad5d-ea459b2fa077 SQL 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Public network access should be disabled for MySQL flexible servers c9299215-ae47-4f50-9c54-8a392f68a052 SQL 2.3.0 3x
2.3.0, 2.2.0, 2.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Public network access should be disabled for MySQL servers d9844e8a-1437-4aeb-a32c-0c992f056095 SQL 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Public network access should be disabled for PostgreSQL flexible servers 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 SQL 3.1.0 2x
3.1.0, 3.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Public network access should be disabled for PostgreSQL servers b52376f7-9612-48a1-81cd-1ffe4b61032c SQL 2.0.1 1x
2.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Resource logs in Azure Data Lake Store should be enabled 057ef27e-665e-4328-8ea3-04b3122bd9fb Data Lake 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Azure Key Vault Managed HSM should be enabled a2a5b911-5617-447e-a49e-59dbe0e0434b Key Vault 1.1.0 1x
1.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Resource logs in Azure Kubernetes Service should be enabled 245fc9df-fa96-4414-9a0b-3738c2f7341c Kubernetes 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Azure Machine Learning Workspaces should be enabled afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Machine Learning 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c Data Lake 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a Event Hub 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things 3.1.0 1x
3.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps 5.1.0 1x
5.1.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus 5.0.0 1x
5.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center 1.1.0 3x
1.1.0, 1.0.4, 1.0.3
Default
Audit
Allowed
Audit, Disabled
0 GA true
Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption fa298e57-9444-42ba-bf04-86e8470e32c7 Monitoring 1.1.0 1x
1.1.0
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA true
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Service Bus Premium namespaces should use a customer-managed key for encryption 295fc8b1-dc9f-4f53-9c61-3f313ceab40a Service Bus 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
SQL Auditing settings should have Action-Groups configured to capture critical activities 7ff426e2-515f-405a-91c8-4f2333442eb5 SQL 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
SQL Managed Instance should have the minimal TLS version of 1.2 a8793640-60f7-487c-b5c3-1d37215905c4 SQL 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Disabled
0 GA true
SQL managed instances should use customer-managed keys to encrypt data at rest ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
SQL Server should use a virtual network service endpoint ae5d2f14-d830-42b6-9899-df6cfe9c71a3 Network 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
SQL servers on machines should have vulnerability findings resolved 6ba6d016-e7c3-4842-b8f2-4992ebc0d72d Security Center 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
SQL servers should use customer-managed keys to encrypt data at rest 0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL 2.0.1 1x
2.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher 89099bee-89e0-4b26-a5f4-165451757743 SQL 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Storage account encryption scopes should use customer-managed keys to encrypt data at rest b5ec538c-daa0-4006-8596-35468b9148e8 Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage account encryption scopes should use double encryption for data at rest bfecdea6-31c4-4045-ad42-71b9dc87247d Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Storage account keys should not be expired 044985bb-afe1-42cd-8a36-9d5d42424537 Storage 3.0.0 1x
3.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA unknown
Storage account public access should be disallowed 4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage 3.1.1 2x
3.1.1, 3.1.0-preview
Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA unknown
Storage accounts should allow access from trusted Microsoft services c9d007d0-c057-4772-b18c-01e546713bcd Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage accounts should have infrastructure encryption 4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage accounts should have the specified minimum TLS version fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage accounts should prevent shared key access 8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage 1.1.1 1x
1.1.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage accounts should restrict network access using virtual network rules 2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Storage Accounts should use a virtual network service endpoint 60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Disabled
0 GA true
Storage accounts should use customer-managed key for encryption 6fac406b-40ca-413b-bf8e-0bf964659c25 Storage 1.0.3 1x
1.0.3
Default
Audit
Allowed
Audit, Disabled
0 GA true
Storage accounts should use private link 6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation 2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse 1.2.0 2x
1.2.0, 1.1.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
System updates should be installed on your machines (powered by Update Center) f85bf3e0-d513-442e-89c3-1784ad63382b Security Center 1.0.1 2x
1.0.1, 1.0.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host 41425d9f-d1a5-499a-9932-f8ed8453932c Kubernetes 1.0.1 1x
1.0.1
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
The Log Analytics extension should be installed on Virtual Machine Scale Sets efbde977-ba53-4479-b8e9-10b957924fbf Monitoring 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Virtual machines and virtual machine scale sets should have encryption at host enabled fc4d8e41-e223-45ea-9bf5-eada37891d87 Compute 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity d26f7642-7545-4e18-9b75-8c9bbdee3a9a Security Center 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Virtual machines should be connected to an approved virtual network d416745a-506c-48b6-8ab1-83cb814bcaa3 Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet 77e8b146-0078-4fb2-b002-e112381199f0 SQL 1.0.0 1x
1.0.0
Fixed
AuditIfNotExists
0 GA unknown
Virtual networks should use specified virtual network gateway f1776c76-f58c-4245-a8d0-2b207198dc8b Network 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
VM Image Builder templates should use private link 2154edb9-244f-4741-9970-660785bccdaa VM Image Builder 1.1.0 1x
1.1.0
Default
Audit
Allowed
Audit, Disabled, Deny
0 GA unknown
VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users 21a6bc25-125e-4d13-b82d-2e19b7208ab7 Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL 1.0.1 1x
1.0.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Vulnerability assessment should be enabled on your Synapse workspaces 0049a6b3-a662-4f3e-8635-39cf44ace45a Synapse 1.0.0 1x
1.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Web Application Firewall (WAF) should be enabled for Application Gateway 564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Network 2.0.0 1x
2.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Web Application Firewall (WAF) should use the specified mode for Application Gateway 12430be1-6cc8-4527-a9a8-e3d38f250096 Network 1.0.0 1x
1.0.0
Default
Audit
Allowed
Audit, Deny, Disabled
0 GA true
Windows Defender Exploit Guard should be enabled on your machines bed48b13-6647-468e-aa2f-1af1d3f4dd40 Guest Configuration 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should be configured to use secure communication protocols 5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Guest Configuration 4.1.1 1x
4.1.1
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'Security Options - Accounts' ee984370-154a-4ee8-9726-19d900e56fc0 Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'Security Options - Audit' 33936777-f2ac-45aa-82ec-07958ec9ade4 Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'Security Options - Microsoft Network Server' caf2d518-f029-4f6b-833b-d7081702f253 Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'Security Options - Recovery console' f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'Security Settings - Account Policies' f2143251-70de-4e81-87a8-36cee5a2f29d Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'System Audit Policies - Account Management' 94d9aca8-3757-46df-aa51-f218c5f11954 Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' 58383b73-94a9-4414-b382-4146eb02611b Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements for 'System Audit Policies - Privilege Use' 87845465-c458-45f3-af66-dcd62176f397 Guest Configuration 3.0.0 1x
3.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows machines should meet requirements of the Azure compute security baseline 72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Guest Configuration 2.0.0 1x
2.0.0
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA true
Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. 3dc5edcd-002d-444c-b216-e123bbfa37c0 Guest Configuration 1.1.1 2x
1.1.1, 1.1.0-preview
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA unknown
Roles used No Roles used
History
Date/Time (UTC ymd) (i) Changes
2025-08-07 17:22:55 Version change: '1.3.0' to '1.4.0'
remove Policy Gateway subnets should not be configured with a network security group (35f9c03a-cc27-418e-9c0c-539ff999d010)
remove Policy Deploy default Microsoft IaaSAntimalware extension for Windows Server (2835b622-407b-4114-9198-6f7064cbe0dc)
remove Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
remove Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
remove Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da)
remove Policy Deploy Diagnostic Settings for Network Security Groups (c9c29499-c1d1-4195-99bd-2ec9e3a9dc89)
remove Policy Deploy network watcher when virtual networks are created (a9b99dd8-06c5-4317-8629-9d86a3c6e7d9)
remove Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
2025-06-09 17:23:47 Version change: '1.2.0' to '1.3.0'
remove Policy [Deprecated]: Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images (5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138)
remove Policy [Deprecated]: Virtual machines should be connected to a specified workspace (f47b5582-33ec-4c5c-87c0-b010a6b2e917)
remove Policy [Deprecated]: Log Analytics Extension should be enabled for listed virtual machine images (32133ab0-ee4b-4b44-98d6-042180979d50)
2025-05-09 17:29:42 Version change: '1.1.0' to '1.2.0'
remove Policy [Deprecated]: Virtual machines should have the Log Analytics extension installed (a70ca396-0a34-413a-88e1-b956c1e683be)
2025-04-24 19:52:16 Version change: '1.0.0' to '1.1.0'
remove Policy [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated (e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15)
2025-01-30 19:27:00 add Initiative 7326812a-86a4-40c8-af7c-8945de9c4913
JSON compare
compare mode: version left: version right:
1.3.0 → 1.4.0 RENAMED
@@ -1,17 +1,17 @@
1
  {
2
  "displayName": "EU General Data Protection Regulation (GDPR) 2016/679",
3
  "description": "Comprehensive data protection law regulating personal data processing within the EU.",
4
  "metadata": {
5
- "version": "1.3.0",
6
  "category": "Regulatory Compliance"
7
  },
8
- "version": "1.3.0",
9
  "parameters": {
10
  "effect-45e05259-1eb5-4f70-9574-baf73e9d219b": {
11
  "type": "String",
12
  "metadata": {
13
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
14
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
15
  },
16
  "allowedValues": [
17
  "Audit",
@@ -21,9 +21,9 @@
21
  },
22
  "effect-81e74cea-30fd-40d5-802f-d72103c2aaaa": {
23
  "type": "String",
24
  "metadata": {
25
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
26
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
27
  },
28
  "allowedValues": [
29
  "Audit",
@@ -34,9 +34,9 @@
34
  },
35
  "effect-f655e522-adff-494d-95c2-52d4f6d56a42": {
36
  "type": "String",
37
  "metadata": {
38
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
39
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
40
  },
41
  "allowedValues": [
42
  "AuditIfNotExists",
@@ -46,9 +46,9 @@
46
  },
47
  "effect-40e85574-ef33-47e8-a854-7a65c7500560": {
48
  "type": "String",
49
  "metadata": {
50
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
51
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
52
  },
53
  "allowedValues": [
54
  "AuditIfNotExists",
@@ -58,9 +58,9 @@
58
  },
59
  "effect-fa298e57-9444-42ba-bf04-86e8470e32c7": {
60
  "type": "String",
61
  "metadata": {
62
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
63
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
64
  },
65
  "allowedValues": [
66
  "Audit",
@@ -71,9 +71,9 @@
71
  },
72
  "effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0": {
73
  "type": "String",
74
  "metadata": {
75
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
76
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
77
  },
78
  "allowedValues": [
79
  "Audit",
@@ -97,9 +97,9 @@
97
  },
98
  "effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
99
  "type": "String",
100
  "metadata": {
101
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
102
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
103
  },
104
  "allowedValues": [
105
  "AuditIfNotExists",
@@ -109,9 +109,9 @@
109
  },
110
  "effect-df39c015-56a4-45de-b4a3-efe77bed320d": {
111
  "type": "String",
112
  "metadata": {
113
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
114
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
115
  },
116
  "allowedValues": [
117
  "Audit",
@@ -121,9 +121,9 @@
121
  },
122
  "effect-3b980d31-7904-4bb7-8575-5665739a8052": {
123
  "type": "String",
124
  "metadata": {
125
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
126
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
127
  },
128
  "allowedValues": [
129
  "AuditIfNotExists",
@@ -145,9 +145,9 @@
145
  },
146
  "effect-c251913d-7d24-4958-af87-478ed3b9ba41": {
147
  "type": "String",
148
  "metadata": {
149
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
150
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
151
  },
152
  "allowedValues": [
153
  "Audit",
@@ -157,9 +157,9 @@
157
  },
158
  "effect-47031206-ce96-41f8-861b-6a915f3de284": {
159
  "type": "String",
160
  "metadata": {
161
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
162
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
163
  },
164
  "allowedValues": [
165
  "Audit",
@@ -170,9 +170,9 @@
170
  },
171
  "effect-6b2122c1-8120-4ff5-801b-17625a355590": {
172
  "type": "String",
173
  "metadata": {
174
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
175
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
176
  },
177
  "allowedValues": [
178
  "AuditIfNotExists",
@@ -182,9 +182,9 @@
182
  },
183
  "effect-2e94d99a-8a36-4563-bc77-810d8893b671": {
184
  "type": "String",
185
  "metadata": {
186
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
187
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
188
  },
189
  "allowedValues": [
190
  "Audit",
@@ -207,9 +207,9 @@
207
  },
208
  "effect-a1817ec0-a368-432a-8057-8371e17ac6ee": {
209
  "type": "String",
210
  "metadata": {
211
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
212
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
213
  },
214
  "allowedValues": [
215
  "Audit",
@@ -220,9 +220,9 @@
220
  },
221
  "effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
222
  "type": "String",
223
  "metadata": {
224
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
225
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
226
  },
227
  "allowedValues": [
228
  "AuditIfNotExists",
@@ -232,9 +232,9 @@
232
  },
233
  "effect-0a15ec92-a229-4763-bb14-0ea34a568f8d": {
234
  "type": "String",
235
  "metadata": {
236
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
237
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
238
  },
239
  "allowedValues": [
240
  "Audit",
@@ -244,9 +244,9 @@
244
  },
245
  "effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": {
246
  "type": "String",
247
  "metadata": {
248
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
249
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
250
  },
251
  "allowedValues": [
252
  "AuditIfNotExists",
@@ -256,9 +256,9 @@
256
  },
257
  "effect-a2a5b911-5617-447e-a49e-59dbe0e0434b": {
258
  "type": "String",
259
  "metadata": {
260
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
261
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
262
  },
263
  "allowedValues": [
264
  "AuditIfNotExists",
@@ -276,9 +276,9 @@
276
  },
277
  "effect-7804b5c7-01dc-4723-969b-ae300cc07ff1": {
278
  "type": "String",
279
  "metadata": {
280
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
281
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
282
  },
283
  "allowedValues": [
284
  "Audit",
@@ -288,9 +288,9 @@
288
  },
289
  "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": {
290
  "type": "String",
291
  "metadata": {
292
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
293
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
294
  },
295
  "allowedValues": [
296
  "Audit",
@@ -301,9 +301,9 @@
301
  },
302
  "effect-3e596b57-105f-48a6-be97-03e9243bad6e": {
303
  "type": "String",
304
  "metadata": {
305
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
306
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
307
  },
308
  "allowedValues": [
309
  "AuditIfNotExists",
@@ -313,9 +313,9 @@
313
  },
314
  "effect-3dc5edcd-002d-444c-b216-e123bbfa37c0": {
315
  "type": "String",
316
  "metadata": {
317
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
318
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
319
  },
320
  "allowedValues": [
321
  "AuditIfNotExists",
@@ -325,9 +325,9 @@
325
  },
326
  "effect-8af8f826-edcb-4178-b35f-851ea6fea615": {
327
  "type": "String",
328
  "metadata": {
329
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
330
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
331
  },
332
  "allowedValues": [
333
  "Audit",
@@ -338,9 +338,9 @@
338
  },
339
  "effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5": {
340
  "type": "String",
341
  "metadata": {
342
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
343
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
344
  },
345
  "allowedValues": [
346
  "Audit",
@@ -350,9 +350,9 @@
350
  },
351
  "effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d": {
352
  "type": "String",
353
  "metadata": {
354
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
355
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
356
  },
357
  "allowedValues": [
358
  "Audit",
@@ -363,9 +363,9 @@
363
  },
364
  "effect-7ff426e2-515f-405a-91c8-4f2333442eb5": {
365
  "type": "String",
366
  "metadata": {
367
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
368
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
369
  },
370
  "allowedValues": [
371
  "AuditIfNotExists",
@@ -375,9 +375,9 @@
375
  },
376
  "effect-71ef260a-8f18-47b7-abcb-62d0673d94dc": {
377
  "type": "String",
378
  "metadata": {
379
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
380
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
381
  },
382
  "allowedValues": [
383
  "Audit",
@@ -388,9 +388,9 @@
388
  },
389
  "effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4": {
390
  "type": "String",
391
  "metadata": {
392
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
393
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
394
  },
395
  "allowedValues": [
396
  "Audit",
@@ -400,9 +400,9 @@
400
  },
401
  "effect-98728c90-32c7-4049-8429-847dc0f4fe37": {
402
  "type": "String",
403
  "metadata": {
404
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
405
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
406
  },
407
  "allowedValues": [
408
  "Audit",
@@ -413,9 +413,9 @@
413
  },
414
  "effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2": {
415
  "type": "String",
416
  "metadata": {
417
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
418
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
419
  },
420
  "allowedValues": [
421
  "Audit",
@@ -447,9 +447,9 @@
447
  },
448
  "effect-33936777-f2ac-45aa-82ec-07958ec9ade4": {
449
  "type": "String",
450
  "metadata": {
451
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
452
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
453
  },
454
  "allowedValues": [
455
  "AuditIfNotExists",
@@ -459,9 +459,9 @@
459
  },
460
  "effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
461
  "type": "String",
462
  "metadata": {
463
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
464
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
465
  },
466
  "allowedValues": [
467
  "AuditIfNotExists",
@@ -479,9 +479,9 @@
479
  },
480
  "effect-f9d614c5-c173-4d56-95a7-b4437057d193": {
481
  "type": "String",
482
  "metadata": {
483
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
484
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
485
  },
486
  "allowedValues": [
487
  "AuditIfNotExists",
@@ -491,9 +491,9 @@
491
  },
492
  "effect-3ac7c827-eea2-4bde-acc7-9568cd320efa": {
493
  "type": "String",
494
  "metadata": {
495
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
496
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
497
  },
498
  "allowedValues": [
499
  "AuditIfNotExists",
@@ -503,9 +503,9 @@
503
  },
504
  "effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d": {
505
  "type": "String",
506
  "metadata": {
507
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
508
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
509
  },
510
  "allowedValues": [
511
  "Audit",
@@ -541,9 +541,9 @@
541
  },
542
  "effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b": {
543
  "type": "String",
544
  "metadata": {
545
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
546
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
547
  },
548
  "allowedValues": [
549
  "AuditIfNotExists",
@@ -553,9 +553,9 @@
553
  },
554
  "effect-18adea5e-f416-4d0f-8aa8-d24321e3e274": {
555
  "type": "String",
556
  "metadata": {
557
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
558
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
559
  },
560
  "allowedValues": [
561
  "AuditIfNotExists",
@@ -565,9 +565,9 @@
565
  },
566
  "effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea": {
567
  "type": "String",
568
  "metadata": {
569
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
570
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
571
  },
572
  "allowedValues": [
573
  "Audit",
@@ -577,9 +577,9 @@
577
  },
578
  "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
579
  "type": "String",
580
  "metadata": {
581
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
582
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
583
  },
584
  "allowedValues": [
585
  "Audit",
@@ -590,9 +590,9 @@
590
  },
591
  "effect-0fdf0491-d080-4575-b627-ad0e843cba0f": {
592
  "type": "String",
593
  "metadata": {
594
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
595
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
596
  },
597
  "allowedValues": [
598
  "Audit",
@@ -603,9 +603,9 @@
603
  },
604
  "effect-a4af4a39-4135-47fb-b175-47fbdf85311d": {
605
  "type": "String",
606
  "metadata": {
607
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
608
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
609
  },
610
  "allowedValues": [
611
  "Audit",
@@ -616,9 +616,9 @@
616
  },
617
  "effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6": {
618
  "type": "String",
619
  "metadata": {
620
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
621
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
622
  },
623
  "allowedValues": [
624
  "AuditIfNotExists",
@@ -636,9 +636,9 @@
636
  },
637
  "effect-404c3081-a854-4457-ae30-26a93ef643f9": {
638
  "type": "String",
639
  "metadata": {
640
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
641
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
642
  },
643
  "allowedValues": [
644
  "Audit",
@@ -649,9 +649,9 @@
649
  },
650
  "effect-f7d52b2d-e161-4dfa-a82b-55e564167385": {
651
  "type": "String",
652
  "metadata": {
653
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
654
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
655
  },
656
  "allowedValues": [
657
  "Audit",
@@ -662,9 +662,9 @@
662
  },
663
  "effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67": {
664
  "type": "String",
665
  "metadata": {
666
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
667
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
668
  },
669
  "allowedValues": [
670
  "Audit",
@@ -675,9 +675,9 @@
675
  },
676
  "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
677
  "type": "String",
678
  "metadata": {
679
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
680
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
681
  },
682
  "allowedValues": [
683
  "AuditIfNotExists",
@@ -687,9 +687,9 @@
687
  },
688
  "effect-295fc8b1-dc9f-4f53-9c61-3f313ceab40a": {
689
  "type": "String",
690
  "metadata": {
691
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
692
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
693
  },
694
  "allowedValues": [
695
  "Audit",
@@ -699,9 +699,9 @@
699
  },
700
  "effect-0049a6b3-a662-4f3e-8635-39cf44ace45a": {
701
  "type": "String",
702
  "metadata": {
703
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
704
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
705
  },
706
  "allowedValues": [
707
  "AuditIfNotExists",
@@ -724,9 +724,9 @@
724
  },
725
  "effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
726
  "type": "String",
727
  "metadata": {
728
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
729
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
730
  },
731
  "allowedValues": [
732
  "AuditIfNotExists",
@@ -736,9 +736,9 @@
736
  },
737
  "effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": {
738
  "type": "String",
739
  "metadata": {
740
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
741
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
742
  },
743
  "allowedValues": [
744
  "Audit",
@@ -748,9 +748,9 @@
748
  },
749
  "effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": {
750
  "type": "String",
751
  "metadata": {
752
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
753
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
754
  },
755
  "allowedValues": [
756
  "Audit",
@@ -773,9 +773,9 @@
773
  },
774
  "effect-87845465-c458-45f3-af66-dcd62176f397": {
775
  "type": "String",
776
  "metadata": {
777
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
778
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
779
  },
780
  "allowedValues": [
781
  "AuditIfNotExists",
@@ -785,9 +785,9 @@
785
  },
786
  "effect-efbde977-ba53-4479-b8e9-10b957924fbf": {
787
  "type": "String",
788
  "metadata": {
789
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
790
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
791
  },
792
  "allowedValues": [
793
  "AuditIfNotExists",
@@ -810,9 +810,9 @@
810
  },
811
  "effect-e6955644-301c-44b5-a4c4-528577de6861": {
812
  "type": "String",
813
  "metadata": {
814
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
815
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
816
  },
817
  "allowedValues": [
818
  "AuditIfNotExists",
@@ -835,9 +835,9 @@
835
  },
836
  "effect-630c64f9-8b6b-4c64-b511-6544ceff6fd6": {
837
  "type": "String",
838
  "metadata": {
839
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
840
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
841
  },
842
  "allowedValues": [
843
  "AuditIfNotExists",
@@ -872,9 +872,9 @@
872
  },
873
  "effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40": {
874
  "type": "String",
875
  "metadata": {
876
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
877
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
878
  },
879
  "allowedValues": [
880
  "AuditIfNotExists",
@@ -884,9 +884,9 @@
884
  },
885
  "effect-1b8ca024-1d5c-4dec-8995-b1a932b41780": {
886
  "type": "String",
887
  "metadata": {
888
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
889
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
890
  },
891
  "allowedValues": [
892
  "Audit",
@@ -897,9 +897,9 @@
897
  },
898
  "effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": {
899
  "type": "String",
900
  "metadata": {
901
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
902
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
903
  },
904
  "allowedValues": [
905
  "AuditIfNotExists",
@@ -909,9 +909,9 @@
909
  },
910
  "effect-f4b53539-8df9-40e4-86c6-6b607703bd4e": {
911
  "type": "String",
912
  "metadata": {
913
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
914
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
915
  },
916
  "allowedValues": [
917
  "Audit",
@@ -943,9 +943,9 @@
943
  },
944
  "effect-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0": {
945
  "type": "String",
946
  "metadata": {
947
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
948
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
949
  },
950
  "allowedValues": [
951
  "AuditIfNotExists",
@@ -955,9 +955,9 @@
955
  },
956
  "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
957
  "type": "String",
958
  "metadata": {
959
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
960
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
961
  },
962
  "allowedValues": [
963
  "AuditIfNotExists",
@@ -967,9 +967,9 @@
967
  },
968
  "effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb": {
969
  "type": "String",
970
  "metadata": {
971
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
972
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
973
  },
974
  "allowedValues": [
975
  "Audit",
@@ -980,9 +980,9 @@
980
  },
981
  "effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6": {
982
  "type": "String",
983
  "metadata": {
984
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
985
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
986
  },
987
  "allowedValues": [
988
  "Audit",
@@ -993,9 +993,9 @@
993
  },
994
  "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": {
995
  "type": "String",
996
  "metadata": {
997
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
998
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
999
  },
1000
  "allowedValues": [
1001
  "AuditIfNotExists",
@@ -1024,9 +1024,9 @@
1024
  },
1025
  "effect-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
1026
  "type": "String",
1027
  "metadata": {
1028
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1029
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1030
  },
1031
  "allowedValues": [
1032
  "Audit",
@@ -1037,9 +1037,9 @@
1037
  },
1038
  "effect-0ec47710-77ff-4a3d-9181-6aa50af424d0": {
1039
  "type": "String",
1040
  "metadata": {
1041
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1042
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1043
  },
1044
  "allowedValues": [
1045
  "Audit",
@@ -1049,9 +1049,9 @@
1049
  },
1050
  "effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57": {
1051
  "type": "String",
1052
  "metadata": {
1053
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1054
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1055
  },
1056
  "allowedValues": [
1057
  "AuditIfNotExists",
@@ -1081,9 +1081,9 @@
1081
  },
1082
  "effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7": {
1083
  "type": "String",
1084
  "metadata": {
1085
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1086
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1087
  },
1088
  "allowedValues": [
1089
  "AuditIfNotExists",
@@ -1093,9 +1093,9 @@
1093
  },
1094
  "effect-428256e6-1fac-4f48-a757-df34c2b3336d": {
1095
  "type": "String",
1096
  "metadata": {
1097
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1098
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1099
  },
1100
  "allowedValues": [
1101
  "AuditIfNotExists",
@@ -1113,9 +1113,9 @@
1113
  },
1114
  "effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8": {
1115
  "type": "String",
1116
  "metadata": {
1117
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1118
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1119
  },
1120
  "allowedValues": [
1121
  "Audit",
@@ -1126,9 +1126,9 @@
1126
  },
1127
  "effect-797b37f7-06b8-444c-b1ad-fc62867f335a": {
1128
  "type": "String",
1129
  "metadata": {
1130
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1131
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1132
  },
1133
  "allowedValues": [
1134
  "Audit",
@@ -1139,9 +1139,9 @@
1139
  },
1140
  "effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": {
1141
  "type": "String",
1142
  "metadata": {
1143
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1144
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1145
  },
1146
  "allowedValues": [
1147
  "Audit",
@@ -1152,9 +1152,9 @@
1152
  },
1153
  "effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
1154
  "type": "String",
1155
  "metadata": {
1156
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1157
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1158
  },
1159
  "allowedValues": [
1160
  "AuditIfNotExists",
@@ -1177,9 +1177,9 @@
1177
  },
1178
  "effect-94d9aca8-3757-46df-aa51-f218c5f11954": {
1179
  "type": "String",
1180
  "metadata": {
1181
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1182
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1183
  },
1184
  "allowedValues": [
1185
  "AuditIfNotExists",
@@ -1189,9 +1189,9 @@
1189
  },
1190
  "effect-9daedab3-fb2d-461e-b861-71790eead4f6": {
1191
  "type": "String",
1192
  "metadata": {
1193
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1194
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1195
  },
1196
  "allowedValues": [
1197
  "AuditIfNotExists",
@@ -1201,9 +1201,9 @@
1201
  },
1202
  "effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54": {
1203
  "type": "String",
1204
  "metadata": {
1205
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1206
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1207
  },
1208
  "allowedValues": [
1209
  "Audit",
@@ -1214,9 +1214,9 @@
1214
  },
1215
  "effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb": {
1216
  "type": "String",
1217
  "metadata": {
1218
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1219
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1220
  },
1221
  "allowedValues": [
1222
  "AuditIfNotExists",
@@ -1226,9 +1226,9 @@
1226
  },
1227
  "effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b": {
1228
  "type": "String",
1229
  "metadata": {
1230
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1231
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1232
  },
1233
  "allowedValues": [
1234
  "Audit",
@@ -1274,9 +1274,9 @@
1274
  },
1275
  "effect-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
1276
  "type": "String",
1277
  "metadata": {
1278
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1279
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1280
  },
1281
  "allowedValues": [
1282
  "AuditIfNotExists",
@@ -1286,9 +1286,9 @@
1286
  },
1287
  "effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f": {
1288
  "type": "String",
1289
  "metadata": {
1290
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1291
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1292
  },
1293
  "allowedValues": [
1294
  "AuditIfNotExists",
@@ -1298,9 +1298,9 @@
1298
  },
1299
  "effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515": {
1300
  "type": "String",
1301
  "metadata": {
1302
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1303
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1304
  },
1305
  "allowedValues": [
1306
  "Audit",
@@ -1311,9 +1311,9 @@
1311
  },
1312
  "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
1313
  "type": "String",
1314
  "metadata": {
1315
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1316
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1317
  },
1318
  "allowedValues": [
1319
  "AuditIfNotExists",
@@ -1323,9 +1323,9 @@
1323
  },
1324
  "effect-91a78b24-f231-4a8a-8da9-02c35b2b6510": {
1325
  "type": "String",
1326
  "metadata": {
1327
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1328
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1329
  },
1330
  "allowedValues": [
1331
  "AuditIfNotExists",
@@ -1351,9 +1351,9 @@
1351
  },
1352
  "effect-d461a302-a187-421a-89ac-84acdb4edc04": {
1353
  "type": "String",
1354
  "metadata": {
1355
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1356
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1357
  },
1358
  "allowedValues": [
1359
  "Audit",
@@ -1364,9 +1364,9 @@
1364
  },
1365
  "effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34": {
1366
  "type": "String",
1367
  "metadata": {
1368
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1369
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1370
  },
1371
  "allowedValues": [
1372
  "AuditIfNotExists",
@@ -1376,9 +1376,9 @@
1376
  },
1377
  "effect-ca91455f-eace-4f96-be59-e6e2c35b4816": {
1378
  "type": "String",
1379
  "metadata": {
1380
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1381
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1382
  },
1383
  "allowedValues": [
1384
  "Audit",
@@ -1389,9 +1389,9 @@
1389
  },
1390
  "effect-f4826e5f-6a27-407c-ae3e-9582eb39891d": {
1391
  "type": "String",
1392
  "metadata": {
1393
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1394
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1395
  },
1396
  "allowedValues": [
1397
  "AuditIfNotExists",
@@ -1401,9 +1401,9 @@
1401
  },
1402
  "effect-7803067c-7d34-46e3-8c79-0ca68fc4036d": {
1403
  "type": "String",
1404
  "metadata": {
1405
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1406
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1407
  },
1408
  "allowedValues": [
1409
  "AuditIfNotExists",
@@ -1413,9 +1413,9 @@
1413
  },
1414
  "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
1415
  "type": "String",
1416
  "metadata": {
1417
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1418
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1419
  },
1420
  "allowedValues": [
1421
  "Audit",
@@ -1426,9 +1426,9 @@
1426
  },
1427
  "effect-ab6a902f-9493-453b-928d-62c30b11b5a6": {
1428
  "type": "String",
1429
  "metadata": {
1430
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1431
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1432
  },
1433
  "allowedValues": [
1434
  "AuditIfNotExists",
@@ -1438,9 +1438,9 @@
1438
  },
1439
  "effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606": {
1440
  "type": "String",
1441
  "metadata": {
1442
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1443
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1444
  },
1445
  "allowedValues": [
1446
  "Audit",
@@ -1451,9 +1451,9 @@
1451
  },
1452
  "effect-3d9f5e4c-9947-4579-9539-2a7695fbc187": {
1453
  "type": "String",
1454
  "metadata": {
1455
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1456
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1457
  },
1458
  "allowedValues": [
1459
  "Audit",
@@ -1464,9 +1464,9 @@
1464
  },
1465
  "effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": {
1466
  "type": "String",
1467
  "metadata": {
1468
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1469
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1470
  },
1471
  "allowedValues": [
1472
  "AuditIfNotExists",
@@ -1476,9 +1476,9 @@
1476
  },
1477
  "effect-009a0c92-f5b4-4776-9b66-4ed2b4775563": {
1478
  "type": "String",
1479
  "metadata": {
1480
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1481
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1482
  },
1483
  "allowedValues": [
1484
  "AuditIfNotExists",
@@ -1488,9 +1488,9 @@
1488
  },
1489
  "effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7": {
1490
  "type": "String",
1491
  "metadata": {
1492
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1493
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1494
  },
1495
  "allowedValues": [
1496
  "Audit",
@@ -1501,9 +1501,9 @@
1501
  },
1502
  "effect-fb893a29-21bb-418c-a157-e99480ec364c": {
1503
  "type": "String",
1504
  "metadata": {
1505
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1506
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1507
  },
1508
  "allowedValues": [
1509
  "Audit",
@@ -1513,9 +1513,9 @@
1513
  },
1514
  "effect-2b9ad585-36bc-4615-b300-fd4435808332": {
1515
  "type": "String",
1516
  "metadata": {
1517
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1518
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1519
  },
1520
  "allowedValues": [
1521
  "AuditIfNotExists",
@@ -1525,9 +1525,9 @@
1525
  },
1526
  "effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4": {
1527
  "type": "String",
1528
  "metadata": {
1529
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1530
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1531
  },
1532
  "allowedValues": [
1533
  "Audit",
@@ -1553,9 +1553,9 @@
1553
  },
1554
  "effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234": {
1555
  "type": "String",
1556
  "metadata": {
1557
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1558
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1559
  },
1560
  "allowedValues": [
1561
  "Audit",
@@ -1565,9 +1565,9 @@
1565
  },
1566
  "effect-b8564268-eb4a-4337-89be-a19db070c59d": {
1567
  "type": "String",
1568
  "metadata": {
1569
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1570
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1571
  },
1572
  "allowedValues": [
1573
  "AuditIfNotExists",
@@ -1577,9 +1577,9 @@
1577
  },
1578
  "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
1579
  "type": "String",
1580
  "metadata": {
1581
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1582
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1583
  },
1584
  "allowedValues": [
1585
  "Audit",
@@ -1590,9 +1590,9 @@
1590
  },
1591
  "effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1": {
1592
  "type": "String",
1593
  "metadata": {
1594
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1595
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1596
  },
1597
  "allowedValues": [
1598
  "Audit",
@@ -1603,9 +1603,9 @@
1603
  },
1604
  "effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f": {
1605
  "type": "String",
1606
  "metadata": {
1607
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1608
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1609
  },
1610
  "allowedValues": [
1611
  "Audit",
@@ -1616,9 +1616,9 @@
1616
  },
1617
  "effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
1618
  "type": "String",
1619
  "metadata": {
1620
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1621
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1622
  },
1623
  "allowedValues": [
1624
  "Audit",
@@ -1629,9 +1629,9 @@
1629
  },
1630
  "effect-c4857be7-912a-4c75-87e6-e30292bcdf78": {
1631
  "type": "String",
1632
  "metadata": {
1633
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1634
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1635
  },
1636
  "allowedValues": [
1637
  "Audit",
@@ -1657,9 +1657,9 @@
1657
  },
1658
  "effect-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
1659
  "type": "String",
1660
  "metadata": {
1661
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1662
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1663
  },
1664
  "allowedValues": [
1665
  "AuditIfNotExists",
@@ -1691,9 +1691,9 @@
1691
  },
1692
  "effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
1693
  "type": "String",
1694
  "metadata": {
1695
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1696
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1697
  },
1698
  "allowedValues": [
1699
  "AuditIfNotExists",
@@ -1703,9 +1703,9 @@
1703
  },
1704
  "effect-fe83a0eb-a853-422d-aac2-1bffd182c5d0": {
1705
  "type": "String",
1706
  "metadata": {
1707
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1708
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1709
  },
1710
  "allowedValues": [
1711
  "Audit",
@@ -1738,9 +1738,9 @@
1738
  },
1739
  "effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
1740
  "type": "String",
1741
  "metadata": {
1742
- "displayName": "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1743
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
1744
  "deprecated": true
1745
  },
1746
  "allowedValues": [
@@ -1751,9 +1751,9 @@
1751
  },
1752
  "effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3": {
1753
  "type": "String",
1754
  "metadata": {
1755
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1756
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1757
  },
1758
  "allowedValues": [
1759
  "AuditIfNotExists",
@@ -1763,9 +1763,9 @@
1763
  },
1764
  "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": {
1765
  "type": "String",
1766
  "metadata": {
1767
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1768
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1769
  },
1770
  "allowedValues": [
1771
  "AuditIfNotExists",
@@ -1775,9 +1775,9 @@
1775
  },
1776
  "effect-a1840de2-8088-4ea8-b153-b4c723e9cb01": {
1777
  "type": "String",
1778
  "metadata": {
1779
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1780
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1781
  },
1782
  "allowedValues": [
1783
  "Audit",
@@ -1800,9 +1800,9 @@
1800
  },
1801
  "effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": {
1802
  "type": "String",
1803
  "metadata": {
1804
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1805
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1806
  },
1807
  "allowedValues": [
1808
  "AuditIfNotExists",
@@ -1812,9 +1812,9 @@
1812
  },
1813
  "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": {
1814
  "type": "String",
1815
  "metadata": {
1816
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1817
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1818
  },
1819
  "allowedValues": [
1820
  "AuditIfNotExists",
@@ -1824,9 +1824,9 @@
1824
  },
1825
  "effect-fa498b91-8a7e-4710-9578-da944c68d1fe": {
1826
  "type": "String",
1827
  "metadata": {
1828
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1829
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1830
  },
1831
  "allowedValues": [
1832
  "Audit",
@@ -1836,9 +1836,9 @@
1836
  },
1837
  "effect-a70ca396-0a34-413a-88e1-b956c1e683be": {
1838
  "type": "String",
1839
  "metadata": {
1840
- "displayName": "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1841
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
1842
  "deprecated": true
1843
  },
1844
  "allowedValues": [
@@ -1849,9 +1849,9 @@
1849
  },
1850
  "effect-7796937f-307b-4598-941c-67d3a05ebfe7": {
1851
  "type": "String",
1852
  "metadata": {
1853
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1854
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1855
  },
1856
  "allowedValues": [
1857
  "AuditIfNotExists",
@@ -1861,9 +1861,9 @@
1861
  },
1862
  "effect-89099bee-89e0-4b26-a5f4-165451757743": {
1863
  "type": "String",
1864
  "metadata": {
1865
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1866
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1867
  },
1868
  "allowedValues": [
1869
  "AuditIfNotExists",
@@ -1873,9 +1873,9 @@
1873
  },
1874
  "effect-fb74e86f-d351-4b8d-b034-93da7391c01f": {
1875
  "type": "String",
1876
  "metadata": {
1877
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1878
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1879
  },
1880
  "allowedValues": [
1881
  "Audit",
@@ -1904,9 +1904,9 @@
1904
  },
1905
  "effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
1906
  "type": "String",
1907
  "metadata": {
1908
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1909
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1910
  },
1911
  "allowedValues": [
1912
  "Audit",
@@ -1917,9 +1917,9 @@
1917
  },
1918
  "effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373": {
1919
  "type": "String",
1920
  "metadata": {
1921
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1922
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1923
  },
1924
  "allowedValues": [
1925
  "AuditIfNotExists",
@@ -1929,9 +1929,9 @@
1929
  },
1930
  "effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": {
1931
  "type": "String",
1932
  "metadata": {
1933
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1934
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1935
  },
1936
  "allowedValues": [
1937
  "AuditIfNotExists",
@@ -1941,9 +1941,9 @@
1941
  },
1942
  "effect-17k78e20-9358-41c9-923c-fb736d382a12": {
1943
  "type": "String",
1944
  "metadata": {
1945
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1946
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1947
  },
1948
  "allowedValues": [
1949
  "AuditIfNotExists",
@@ -1953,9 +1953,9 @@
1953
  },
1954
  "effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee": {
1955
  "type": "String",
1956
  "metadata": {
1957
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1958
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1959
  },
1960
  "allowedValues": [
1961
  "Audit",
@@ -1965,9 +1965,9 @@
1965
  },
1966
  "effect-d6759c02-b87f-42b7-892e-71b3f471d782": {
1967
  "type": "String",
1968
  "metadata": {
1969
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1970
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1971
  },
1972
  "allowedValues": [
1973
  "Audit",
@@ -1977,9 +1977,9 @@
1977
  },
1978
  "effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48": {
1979
  "type": "String",
1980
  "metadata": {
1981
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1982
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1983
  },
1984
  "allowedValues": [
1985
  "Audit",
@@ -1990,9 +1990,9 @@
1990
  },
1991
  "effect-970f84d8-71b6-4091-9979-ace7e3fb6dbb": {
1992
  "type": "String",
1993
  "metadata": {
1994
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
1995
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1996
  },
1997
  "allowedValues": [
1998
  "Audit",
@@ -2003,9 +2003,9 @@
2003
  },
2004
  "effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a": {
2005
  "type": "String",
2006
  "metadata": {
2007
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2008
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2009
  },
2010
  "allowedValues": [
2011
  "AuditIfNotExists",
@@ -2015,9 +2015,9 @@
2015
  },
2016
  "effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121": {
2017
  "type": "String",
2018
  "metadata": {
2019
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2020
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2021
  },
2022
  "allowedValues": [
2023
  "Audit",
@@ -2027,9 +2027,9 @@
2027
  },
2028
  "effect-1d320205-c6a1-4ac6-873d-46224024e8e2": {
2029
  "type": "String",
2030
  "metadata": {
2031
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2032
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2033
  },
2034
  "allowedValues": [
2035
  "AuditIfNotExists",
@@ -2039,9 +2039,9 @@
2039
  },
2040
  "effect-c0e996f8-39cf-4af9-9f45-83fbde810432": {
2041
  "type": "String",
2042
  "metadata": {
2043
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2044
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2045
  },
2046
  "allowedValues": [
2047
  "Audit",
@@ -2059,9 +2059,9 @@
2059
  },
2060
  "effect-d416745a-506c-48b6-8ab1-83cb814bcaa3": {
2061
  "type": "String",
2062
  "metadata": {
2063
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2064
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2065
  },
2066
  "allowedValues": [
2067
  "Audit",
@@ -2079,9 +2079,9 @@
2079
  },
2080
  "effect-6581d072-105e-4418-827f-bd446d56421b": {
2081
  "type": "String",
2082
  "metadata": {
2083
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2084
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2085
  },
2086
  "allowedValues": [
2087
  "AuditIfNotExists",
@@ -2091,9 +2091,9 @@
2091
  },
2092
  "effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833": {
2093
  "type": "String",
2094
  "metadata": {
2095
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2096
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2097
  },
2098
  "allowedValues": [
2099
  "AuditIfNotExists",
@@ -2103,9 +2103,9 @@
2103
  },
2104
  "effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
2105
  "type": "String",
2106
  "metadata": {
2107
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2108
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2109
  },
2110
  "allowedValues": [
2111
  "Audit",
@@ -2116,9 +2116,9 @@
2116
  },
2117
  "effect-ae89ebca-1c92-4898-ac2c-9f63decb045c": {
2118
  "type": "String",
2119
  "metadata": {
2120
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2121
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2122
  },
2123
  "allowedValues": [
2124
  "AuditIfNotExists",
@@ -2128,9 +2128,9 @@
2128
  },
2129
  "effect-d38fc420-0735-4ef3-ac11-c806f651a570": {
2130
  "type": "String",
2131
  "metadata": {
2132
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2133
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2134
  },
2135
  "allowedValues": [
2136
  "AuditIfNotExists",
@@ -2160,9 +2160,9 @@
2160
  },
2161
  "effect-702dd420-7fcc-42c5-afe8-4026edd20fe0": {
2162
  "type": "String",
2163
  "metadata": {
2164
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2165
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2166
  },
2167
  "allowedValues": [
2168
  "Audit",
@@ -2173,9 +2173,9 @@
2173
  },
2174
  "effect-c9299215-ae47-4f50-9c54-8a392f68a052": {
2175
  "type": "String",
2176
  "metadata": {
2177
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2178
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2179
  },
2180
  "allowedValues": [
2181
  "Audit",
@@ -2186,9 +2186,9 @@
2186
  },
2187
  "effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4": {
2188
  "type": "String",
2189
  "metadata": {
2190
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2191
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2192
  },
2193
  "allowedValues": [
2194
  "Audit",
@@ -2198,9 +2198,9 @@
2198
  },
2199
  "effect-f1776c76-f58c-4245-a8d0-2b207198dc8b": {
2200
  "type": "String",
2201
  "metadata": {
2202
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2203
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2204
  },
2205
  "allowedValues": [
2206
  "AuditIfNotExists",
@@ -2217,9 +2217,9 @@
2217
  },
2218
  "effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0": {
2219
  "type": "String",
2220
  "metadata": {
2221
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2222
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2223
  },
2224
  "allowedValues": [
2225
  "Audit",
@@ -2229,9 +2229,9 @@
2229
  },
2230
  "effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b": {
2231
  "type": "String",
2232
  "metadata": {
2233
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2234
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2235
  },
2236
  "allowedValues": [
2237
  "Audit",
@@ -2260,9 +2260,9 @@
2260
  },
2261
  "effect-7698e800-9299-47a6-b3b6-5a0fee576eed": {
2262
  "type": "String",
2263
  "metadata": {
2264
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2265
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2266
  },
2267
  "allowedValues": [
2268
  "Audit",
@@ -2272,9 +2272,9 @@
2272
  },
2273
  "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": {
2274
  "type": "String",
2275
  "metadata": {
2276
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2277
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2278
  },
2279
  "allowedValues": [
2280
  "AuditIfNotExists",
@@ -2284,9 +2284,9 @@
2284
  },
2285
  "effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
2286
  "type": "String",
2287
  "metadata": {
2288
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2289
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2290
  },
2291
  "allowedValues": [
2292
  "AuditIfNotExists",
@@ -2304,9 +2304,9 @@
2304
  },
2305
  "effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d": {
2306
  "type": "String",
2307
  "metadata": {
2308
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2309
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2310
  },
2311
  "allowedValues": [
2312
  "Audit",
@@ -2317,9 +2317,9 @@
2317
  },
2318
  "effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e": {
2319
  "type": "String",
2320
  "metadata": {
2321
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2322
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2323
  },
2324
  "allowedValues": [
2325
  "AuditIfNotExists",
@@ -2329,9 +2329,9 @@
2329
  },
2330
  "effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1": {
2331
  "type": "String",
2332
  "metadata": {
2333
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2334
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2335
  },
2336
  "allowedValues": [
2337
  "Audit",
@@ -2342,9 +2342,9 @@
2342
  },
2343
  "effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5": {
2344
  "type": "String",
2345
  "metadata": {
2346
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2347
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2348
  },
2349
  "allowedValues": [
2350
  "AuditIfNotExists",
@@ -2354,9 +2354,9 @@
2354
  },
2355
  "effect-c39ba22d-4428-4149-b981-70acb31fc383": {
2356
  "type": "String",
2357
  "metadata": {
2358
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2359
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2360
  },
2361
  "allowedValues": [
2362
  "Audit",
@@ -2367,9 +2367,9 @@
2367
  },
2368
  "effect-617c02be-7f02-4efd-8836-3180d47b6c68": {
2369
  "type": "String",
2370
  "metadata": {
2371
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2372
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2373
  },
2374
  "allowedValues": [
2375
  "Audit",
@@ -2380,9 +2380,9 @@
2380
  },
2381
  "effect-e345b6c3-24bd-4c93-9bbb-7e5e49a17b78": {
2382
  "type": "String",
2383
  "metadata": {
2384
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2385
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2386
  },
2387
  "allowedValues": [
2388
  "Audit",
@@ -2392,9 +2392,9 @@
2392
  },
2393
  "effect-58440f8a-10c5-4151-bdce-dfbaad4a20b7": {
2394
  "type": "String",
2395
  "metadata": {
2396
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2397
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2398
  },
2399
  "allowedValues": [
2400
  "Audit",
@@ -2433,9 +2433,9 @@
2433
  },
2434
  "effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f": {
2435
  "type": "String",
2436
  "metadata": {
2437
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2438
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2439
  },
2440
  "allowedValues": [
2441
  "Audit",
@@ -2446,9 +2446,9 @@
2446
  },
2447
  "effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": {
2448
  "type": "String",
2449
  "metadata": {
2450
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2451
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2452
  },
2453
  "allowedValues": [
2454
  "AuditIfNotExists",
@@ -2458,9 +2458,9 @@
2458
  },
2459
  "effect-04c4380f-3fae-46e8-96c9-30193528f602": {
2460
  "type": "String",
2461
  "metadata": {
2462
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2463
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2464
  },
2465
  "allowedValues": [
2466
  "AuditIfNotExists",
@@ -2470,9 +2470,9 @@
2470
  },
2471
  "effect-ca610c1d-041c-4332-9d88-7ed3094967c7": {
2472
  "type": "String",
2473
  "metadata": {
2474
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2475
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2476
  },
2477
  "allowedValues": [
2478
  "AuditIfNotExists",
@@ -2482,9 +2482,9 @@
2482
  },
2483
  "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
2484
  "type": "String",
2485
  "metadata": {
2486
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2487
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2488
  },
2489
  "allowedValues": [
2490
  "AuditIfNotExists",
@@ -2505,9 +2505,9 @@
2505
  },
2506
  "effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3": {
2507
  "type": "String",
2508
  "metadata": {
2509
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2510
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2511
  },
2512
  "allowedValues": [
2513
  "Audit",
@@ -2517,19 +2517,23 @@
2517
  },
2518
  "storagePrefix-c9c29499-c1d1-4195-99bd-2ec9e3a9dc89": {
2519
  "type": "String",
2520
  "metadata": {
2521
- "displayName": "Storage Account Prefix for Regional Storage Account",
2522
- "description": "This prefix will be combined with the network security group location to form the created storage account name."
 
2523
- }
 
2524
  },
2525
  "rgName-c9c29499-c1d1-4195-99bd-2ec9e3a9dc89": {
2526
  "type": "String",
2527
  "metadata": {
2528
- "displayName": "Resource Group Name for Storage Account (must exist)",
2529
  "description": "The resource group that the storage account will be created in. This resource group must already exist.",
2530
- "strongType": "ExistingResourceGroups"
 
2531
- }
 
2532
  },
2533
  "IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": {
2534
  "type": "String",
2535
  "metadata": {
@@ -2557,9 +2561,9 @@
2557
  },
2558
  "effect-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": {
2559
  "type": "String",
2560
  "metadata": {
2561
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2562
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2563
  },
2564
  "allowedValues": [
2565
  "AuditIfNotExists",
@@ -2569,9 +2573,9 @@
2569
  },
2570
  "effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09": {
2571
  "type": "String",
2572
  "metadata": {
2573
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2574
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2575
  },
2576
  "allowedValues": [
2577
  "AuditIfNotExists",
@@ -2634,9 +2638,9 @@
2634
  },
2635
  "effect-f2143251-70de-4e81-87a8-36cee5a2f29d": {
2636
  "type": "String",
2637
  "metadata": {
2638
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2639
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2640
  },
2641
  "allowedValues": [
2642
  "AuditIfNotExists",
@@ -2646,9 +2650,9 @@
2646
  },
2647
  "effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
2648
  "type": "String",
2649
  "metadata": {
2650
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2651
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2652
  },
2653
  "allowedValues": [
2654
  "AuditIfNotExists",
@@ -2666,9 +2670,9 @@
2666
  },
2667
  "effect-82339799-d096-41ae-8538-b108becf0970": {
2668
  "type": "String",
2669
  "metadata": {
2670
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2671
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2672
  },
2673
  "allowedValues": [
2674
  "Audit",
@@ -2678,9 +2682,9 @@
2678
  },
2679
  "effect-146412e9-005c-472b-9e48-c87b72ac229e": {
2680
  "type": "String",
2681
  "metadata": {
2682
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2683
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2684
  },
2685
  "allowedValues": [
2686
  "AuditIfNotExists",
@@ -2712,9 +2716,9 @@
2712
  },
2713
  "effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b": {
2714
  "type": "String",
2715
  "metadata": {
2716
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2717
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2718
  },
2719
  "allowedValues": [
2720
  "AuditIfNotExists",
@@ -2737,9 +2741,9 @@
2737
  },
2738
  "effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc": {
2739
  "type": "String",
2740
  "metadata": {
2741
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2742
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2743
  },
2744
  "allowedValues": [
2745
  "AuditIfNotExists",
@@ -2749,9 +2753,9 @@
2749
  },
2750
  "effect-eb907f70-7514-460d-92b3-a5ae93b4f917": {
2751
  "type": "String",
2752
  "metadata": {
2753
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2754
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2755
  },
2756
  "allowedValues": [
2757
  "Audit",
@@ -2761,9 +2765,9 @@
2761
  },
2762
  "effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": {
2763
  "type": "String",
2764
  "metadata": {
2765
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2766
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2767
  },
2768
  "allowedValues": [
2769
  "AuditIfNotExists",
@@ -2773,9 +2777,9 @@
2773
  },
2774
  "effect-a1ad735a-e96f-45d2-a7b2-9a4932cab7ec": {
2775
  "type": "String",
2776
  "metadata": {
2777
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2778
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2779
  },
2780
  "allowedValues": [
2781
  "Audit",
@@ -2785,9 +2789,9 @@
2785
  },
2786
  "effect-32e6bbec-16b6-44c2-be37-c5b672d103cf": {
2787
  "type": "String",
2788
  "metadata": {
2789
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2790
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2791
  },
2792
  "allowedValues": [
2793
  "Audit",
@@ -2798,9 +2802,9 @@
2798
  },
2799
  "effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9": {
2800
  "type": "String",
2801
  "metadata": {
2802
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2803
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2804
  },
2805
  "allowedValues": [
2806
  "Audit",
@@ -2811,9 +2815,9 @@
2811
  },
2812
  "effect-34f95f76-5386-4de7-b824-0d8478470c9d": {
2813
  "type": "String",
2814
  "metadata": {
2815
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2816
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2817
  },
2818
  "allowedValues": [
2819
  "AuditIfNotExists",
@@ -2831,9 +2835,9 @@
2831
  },
2832
  "effect-8ac833bd-f505-48d5-887e-c993a1d3eea0": {
2833
  "type": "String",
2834
  "metadata": {
2835
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2836
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2837
  },
2838
  "allowedValues": [
2839
  "AuditIfNotExists",
@@ -2843,9 +2847,9 @@
2843
  },
2844
  "effect-1ee56206-5dd1-42ab-b02d-8aae8b1634ce": {
2845
  "type": "String",
2846
  "metadata": {
2847
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2848
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2849
  },
2850
  "allowedValues": [
2851
  "Audit",
@@ -2855,9 +2859,9 @@
2855
  },
2856
  "effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
2857
  "type": "String",
2858
  "metadata": {
2859
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2860
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2861
  },
2862
  "allowedValues": [
2863
  "AuditIfNotExists",
@@ -2878,9 +2882,9 @@
2878
  },
2879
  "effect-48af4db5-9b8b-401c-8e74-076be876a430": {
2880
  "type": "String",
2881
  "metadata": {
2882
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2883
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2884
  },
2885
  "allowedValues": [
2886
  "Audit",
@@ -2890,9 +2894,9 @@
2890
  },
2891
  "effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2": {
2892
  "type": "String",
2893
  "metadata": {
2894
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2895
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2896
  },
2897
  "allowedValues": [
2898
  "Audit",
@@ -2903,9 +2907,9 @@
2903
  },
2904
  "effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2": {
2905
  "type": "String",
2906
  "metadata": {
2907
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2908
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2909
  },
2910
  "allowedValues": [
2911
  "Deny",
@@ -2916,9 +2920,9 @@
2916
  },
2917
  "effect-7926a6d1-b268-4586-8197-e8ae90c877d7": {
2918
  "type": "String",
2919
  "metadata": {
2920
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2921
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2922
  },
2923
  "allowedValues": [
2924
  "AuditIfNotExists",
@@ -2928,9 +2932,9 @@
2928
  },
2929
  "effect-399b2637-a50f-4f95-96f8-3a145476eb15": {
2930
  "type": "String",
2931
  "metadata": {
2932
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2933
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2934
  },
2935
  "allowedValues": [
2936
  "AuditIfNotExists",
@@ -2952,9 +2956,9 @@
2952
  },
2953
  "effect-82067dbb-e53b-4e06-b631-546d197452d9": {
2954
  "type": "String",
2955
  "metadata": {
2956
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2957
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2958
  },
2959
  "allowedValues": [
2960
  "Audit",
@@ -2965,9 +2969,9 @@
2965
  },
2966
  "effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5": {
2967
  "type": "String",
2968
  "metadata": {
2969
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2970
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2971
  },
2972
  "allowedValues": [
2973
  "Audit",
@@ -2978,9 +2982,9 @@
2978
  },
2979
  "effect-a8793640-60f7-487c-b5c3-1d37215905c4": {
2980
  "type": "String",
2981
  "metadata": {
2982
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2983
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2984
  },
2985
  "allowedValues": [
2986
  "Audit",
@@ -2990,9 +2994,9 @@
2990
  },
2991
  "effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9": {
2992
  "type": "String",
2993
  "metadata": {
2994
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
2995
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2996
  },
2997
  "allowedValues": [
2998
  "AuditIfNotExists",
@@ -3029,9 +3033,9 @@
3029
  },
3030
  "effect-58383b73-94a9-4414-b382-4146eb02611b": {
3031
  "type": "String",
3032
  "metadata": {
3033
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3034
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3035
  },
3036
  "allowedValues": [
3037
  "AuditIfNotExists",
@@ -3059,9 +3063,9 @@
3059
  },
3060
  "effect-32133ab0-ee4b-4b44-98d6-042180979d50": {
3061
  "type": "String",
3062
  "metadata": {
3063
- "displayName": "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3064
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
3065
  "deprecated": true
3066
  },
3067
  "allowedValues": [
@@ -3072,9 +3076,9 @@
3072
  },
3073
  "effect-d0793b48-0edc-4296-a390-4c75d1bdfd71": {
3074
  "type": "String",
3075
  "metadata": {
3076
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3077
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3078
  },
3079
  "allowedValues": [
3080
  "Audit",
@@ -3085,9 +3089,9 @@
3085
  },
3086
  "effect-0a370ff3-6cab-4e85-8995-295fd854c5b8": {
3087
  "type": "String",
3088
  "metadata": {
3089
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3090
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3091
  },
3092
  "allowedValues": [
3093
  "Audit",
@@ -3111,9 +3115,9 @@
3111
  },
3112
  "effect-caf2d518-f029-4f6b-833b-d7081702f253": {
3113
  "type": "String",
3114
  "metadata": {
3115
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3116
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3117
  },
3118
  "allowedValues": [
3119
  "AuditIfNotExists",
@@ -3123,9 +3127,9 @@
3123
  },
3124
  "effect-0b15565f-aa9e-48ba-8619-45960f2c314d": {
3125
  "type": "String",
3126
  "metadata": {
3127
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3128
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3129
  },
3130
  "allowedValues": [
3131
  "AuditIfNotExists",
@@ -3135,9 +3139,9 @@
3135
  },
3136
  "effect-d63edb4a-c612-454d-b47d-191a724fcbf0": {
3137
  "type": "String",
3138
  "metadata": {
3139
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3140
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3141
  },
3142
  "allowedValues": [
3143
  "AuditIfNotExists",
@@ -3147,9 +3151,9 @@
3147
  },
3148
  "effect-9dfea752-dd46-4766-aed1-c355fa93fb91": {
3149
  "type": "String",
3150
  "metadata": {
3151
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3152
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3153
  },
3154
  "allowedValues": [
3155
  "Audit",
@@ -3160,9 +3164,9 @@
3160
  },
3161
  "effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f": {
3162
  "type": "String",
3163
  "metadata": {
3164
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3165
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3166
  },
3167
  "allowedValues": [
3168
  "AuditIfNotExists",
@@ -3192,9 +3196,9 @@
3192
  },
3193
  "effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a": {
3194
  "type": "String",
3195
  "metadata": {
3196
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3197
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3198
  },
3199
  "allowedValues": [
3200
  "Audit",
@@ -3205,9 +3209,9 @@
3205
  },
3206
  "effect-9b597639-28e4-48eb-b506-56b05d366257": {
3207
  "type": "String",
3208
  "metadata": {
3209
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3210
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3211
  },
3212
  "allowedValues": [
3213
  "AuditIfNotExists",
@@ -3217,9 +3221,9 @@
3217
  },
3218
  "effect-438c38d2-3772-465a-a9cc-7a6666a275ce": {
3219
  "type": "String",
3220
  "metadata": {
3221
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3222
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3223
  },
3224
  "allowedValues": [
3225
  "Audit",
@@ -3230,9 +3234,9 @@
3230
  },
3231
  "effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": {
3232
  "type": "String",
3233
  "metadata": {
3234
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3235
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3236
  },
3237
  "allowedValues": [
3238
  "AuditIfNotExists",
@@ -3242,9 +3246,9 @@
3242
  },
3243
  "effect-a21f8c92-9e22-4f09-b759-50500d1d2dda": {
3244
  "type": "String",
3245
  "metadata": {
3246
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3247
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3248
  },
3249
  "allowedValues": [
3250
  "AuditIfNotExists",
@@ -3254,9 +3258,9 @@
3254
  },
3255
  "effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077": {
3256
  "type": "String",
3257
  "metadata": {
3258
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3259
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3260
  },
3261
  "allowedValues": [
3262
  "Audit",
@@ -3267,9 +3271,9 @@
3267
  },
3268
  "effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e": {
3269
  "type": "String",
3270
  "metadata": {
3271
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3272
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3273
  },
3274
  "allowedValues": [
3275
  "AuditIfNotExists",
@@ -3279,9 +3283,9 @@
3279
  },
3280
  "effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f": {
3281
  "type": "String",
3282
  "metadata": {
3283
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3284
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3285
  },
3286
  "allowedValues": [
3287
  "Audit",
@@ -3292,9 +3296,9 @@
3292
  },
3293
  "effect-13a6c84f-49a5-410a-b5df-5b880c3fe009": {
3294
  "type": "String",
3295
  "metadata": {
3296
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3297
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3298
  },
3299
  "allowedValues": [
3300
  "AuditIfNotExists",
@@ -3304,9 +3308,9 @@
3304
  },
3305
  "effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
3306
  "type": "String",
3307
  "metadata": {
3308
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3309
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3310
  },
3311
  "allowedValues": [
3312
  "AuditIfNotExists",
@@ -3332,9 +3336,9 @@
3332
  },
3333
  "effect-d31e5c31-63b2-4f12-887b-e49456834fa1": {
3334
  "type": "String",
3335
  "metadata": {
3336
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3337
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3338
  },
3339
  "allowedValues": [
3340
  "AuditIfNotExists",
@@ -3344,9 +3348,9 @@
3344
  },
3345
  "effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811": {
3346
  "type": "String",
3347
  "metadata": {
3348
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3349
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3350
  },
3351
  "allowedValues": [
3352
  "Audit",
@@ -3357,9 +3361,9 @@
3357
  },
3358
  "effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580": {
3359
  "type": "String",
3360
  "metadata": {
3361
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3362
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3363
  },
3364
  "allowedValues": [
3365
  "Audit",
@@ -3370,9 +3374,9 @@
3370
  },
3371
  "effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": {
3372
  "type": "String",
3373
  "metadata": {
3374
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3375
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3376
  },
3377
  "allowedValues": [
3378
  "Audit",
@@ -3382,9 +3386,9 @@
3382
  },
3383
  "effect-3657f5a0-770e-44a3-b44e-9431ba1e9735": {
3384
  "type": "String",
3385
  "metadata": {
3386
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3387
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3388
  },
3389
  "allowedValues": [
3390
  "Audit",
@@ -3395,9 +3399,9 @@
3395
  },
3396
  "effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
3397
  "type": "String",
3398
  "metadata": {
3399
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3400
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3401
  },
3402
  "allowedValues": [
3403
  "AuditIfNotExists",
@@ -3407,9 +3411,9 @@
3407
  },
3408
  "effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4": {
3409
  "type": "String",
3410
  "metadata": {
3411
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3412
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3413
  },
3414
  "allowedValues": [
3415
  "AuditIfNotExists",
@@ -3419,9 +3423,9 @@
3419
  },
3420
  "effect-b52376f7-9612-48a1-81cd-1ffe4b61032c": {
3421
  "type": "String",
3422
  "metadata": {
3423
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3424
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3425
  },
3426
  "allowedValues": [
3427
  "Audit",
@@ -3432,9 +3436,9 @@
3432
  },
3433
  "effect-12430be1-6cc8-4527-a9a8-e3d38f250096": {
3434
  "type": "String",
3435
  "metadata": {
3436
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3437
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3438
  },
3439
  "allowedValues": [
3440
  "Audit",
@@ -3457,9 +3461,9 @@
3457
  },
3458
  "effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835": {
3459
  "type": "String",
3460
  "metadata": {
3461
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3462
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3463
  },
3464
  "allowedValues": [
3465
  "AuditIfNotExists",
@@ -3469,9 +3473,9 @@
3469
  },
3470
  "effect-549814b6-3212-4203-bdc8-1548d342fb67": {
3471
  "type": "String",
3472
  "metadata": {
3473
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3474
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3475
  },
3476
  "allowedValues": [
3477
  "Audit",
@@ -3482,9 +3486,9 @@
3482
  },
3483
  "effect-1c06e275-d63d-4540-b761-71f364c2111d": {
3484
  "type": "String",
3485
  "metadata": {
3486
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3487
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3488
  },
3489
  "allowedValues": [
3490
  "AuditIfNotExists",
@@ -3501,9 +3505,9 @@
3501
  },
3502
  "effect-d8cf8476-a2ec-4916-896e-992351803c44": {
3503
  "type": "String",
3504
  "metadata": {
3505
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3506
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3507
  },
3508
  "allowedValues": [
3509
  "Audit",
@@ -3513,9 +3517,9 @@
3513
  },
3514
  "effect-245fc9df-fa96-4414-9a0b-3738c2f7341c": {
3515
  "type": "String",
3516
  "metadata": {
3517
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3518
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3519
  },
3520
  "allowedValues": [
3521
  "AuditIfNotExists",
@@ -3533,9 +3537,9 @@
3533
  },
3534
  "effect-bf045164-79ba-4215-8f95-f8048dc1780b": {
3535
  "type": "String",
3536
  "metadata": {
3537
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3538
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3539
  },
3540
  "allowedValues": [
3541
  "Audit",
@@ -3545,9 +3549,9 @@
3545
  },
3546
  "effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8": {
3547
  "type": "String",
3548
  "metadata": {
3549
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3550
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3551
  },
3552
  "allowedValues": [
3553
  "Audit",
@@ -3558,9 +3562,9 @@
3558
  },
3559
  "effect-af99038c-02fd-4a2f-ac24-386b62bf32de": {
3560
  "type": "String",
3561
  "metadata": {
3562
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3563
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3564
  },
3565
  "allowedValues": [
3566
  "AuditIfNotExists",
@@ -3570,9 +3574,9 @@
3570
  },
3571
  "effect-22730e10-96f6-4aac-ad84-9383d35b5917": {
3572
  "type": "String",
3573
  "metadata": {
3574
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3575
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3576
  },
3577
  "allowedValues": [
3578
  "AuditIfNotExists",
@@ -3582,9 +3586,9 @@
3582
  },
3583
  "effect-4b90e17e-8448-49db-875e-bd83fb6f804f": {
3584
  "type": "String",
3585
  "metadata": {
3586
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3587
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3588
  },
3589
  "allowedValues": [
3590
  "Audit",
@@ -3594,9 +3598,9 @@
3594
  },
3595
  "effect-044985bb-afe1-42cd-8a36-9d5d42424537": {
3596
  "type": "String",
3597
  "metadata": {
3598
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3599
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3600
  },
3601
  "allowedValues": [
3602
  "Audit",
@@ -3607,9 +3611,9 @@
3607
  },
3608
  "effect-ea4d6841-2173-4317-9747-ff522a45120f": {
3609
  "type": "String",
3610
  "metadata": {
3611
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3612
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3613
  },
3614
  "allowedValues": [
3615
  "Audit",
@@ -3619,9 +3623,9 @@
3619
  },
3620
  "effect-9830b652-8523-49cc-b1b3-e17dce1127ca": {
3621
  "type": "String",
3622
  "metadata": {
3623
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3624
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3625
  },
3626
  "allowedValues": [
3627
  "Audit",
@@ -3631,9 +3635,9 @@
3631
  },
3632
  "effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf": {
3633
  "type": "String",
3634
  "metadata": {
3635
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3636
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3637
  },
3638
  "allowedValues": [
3639
  "AuditIfNotExists",
@@ -3643,9 +3647,9 @@
3643
  },
3644
  "effect-abda6d70-9778-44e7-84a8-06713e6db027": {
3645
  "type": "String",
3646
  "metadata": {
3647
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3648
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3649
  },
3650
  "allowedValues": [
3651
  "Audit",
@@ -3656,9 +3660,9 @@
3656
  },
3657
  "effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff": {
3658
  "type": "String",
3659
  "metadata": {
3660
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3661
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3662
  },
3663
  "allowedValues": [
3664
  "AuditIfNotExists",
@@ -3668,9 +3672,9 @@
3668
  },
3669
  "effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": {
3670
  "type": "String",
3671
  "metadata": {
3672
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3673
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3674
  },
3675
  "allowedValues": [
3676
  "AuditIfNotExists",
@@ -3680,9 +3684,9 @@
3680
  },
3681
  "effect-f39f5f49-4abf-44de-8c70-0756997bfb51": {
3682
  "type": "String",
3683
  "metadata": {
3684
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3685
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3686
  },
3687
  "allowedValues": [
3688
  "AuditIfNotExists",
@@ -3710,9 +3714,9 @@
3710
  },
3711
  "effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
3712
  "type": "String",
3713
  "metadata": {
3714
- "displayName": "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3715
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
3716
  "deprecated": true
3717
  },
3718
  "allowedValues": [
@@ -3743,9 +3747,9 @@
3743
  },
3744
  "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
3745
  "type": "String",
3746
  "metadata": {
3747
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3748
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3749
  },
3750
  "allowedValues": [
3751
  "AuditIfNotExists",
@@ -3755,9 +3759,9 @@
3755
  },
3756
  "effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": {
3757
  "type": "String",
3758
  "metadata": {
3759
- "displayName": "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3760
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
3761
  "deprecated": true
3762
  },
3763
  "allowedValues": [
@@ -3768,9 +3772,9 @@
3768
  },
3769
  "effect-0564d078-92f5-4f97-8398-b9f58a51f70b": {
3770
  "type": "String",
3771
  "metadata": {
3772
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3773
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3774
  },
3775
  "allowedValues": [
3776
  "AuditIfNotExists",
@@ -3780,9 +3784,9 @@
3780
  },
3781
  "effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957": {
3782
  "type": "String",
3783
  "metadata": {
3784
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3785
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3786
  },
3787
  "allowedValues": [
3788
  "AuditIfNotExists",
@@ -3792,9 +3796,9 @@
3792
  },
3793
  "effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
3794
  "type": "String",
3795
  "metadata": {
3796
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3797
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3798
  },
3799
  "allowedValues": [
3800
  "AuditIfNotExists",
@@ -3812,9 +3816,9 @@
3812
  },
3813
  "effect-6fac406b-40ca-413b-bf8e-0bf964659c25": {
3814
  "type": "String",
3815
  "metadata": {
3816
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3817
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3818
  },
3819
  "allowedValues": [
3820
  "Audit",
@@ -3824,9 +3828,9 @@
3824
  },
3825
  "effect-0a1302fb-a631-4106-9753-f3d494733990": {
3826
  "type": "String",
3827
  "metadata": {
3828
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3829
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3830
  },
3831
  "allowedValues": [
3832
  "AuditIfNotExists",
@@ -3836,9 +3840,9 @@
3836
  },
3837
  "effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab": {
3838
  "type": "String",
3839
  "metadata": {
3840
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3841
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3842
  },
3843
  "allowedValues": [
3844
  "Audit",
@@ -3849,9 +3853,9 @@
3849
  },
3850
  "effect-b954148f-4c11-4c38-8221-be76711e194a": {
3851
  "type": "String",
3852
  "metadata": {
3853
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3854
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3855
  },
3856
  "allowedValues": [
3857
  "AuditIfNotExists",
@@ -3880,9 +3884,9 @@
3880
  },
3881
  "effect-0fea8f8a-4169-495d-8307-30ec335f387d": {
3882
  "type": "String",
3883
  "metadata": {
3884
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3885
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3886
  },
3887
  "allowedValues": [
3888
  "Audit",
@@ -3892,9 +3896,9 @@
3892
  },
3893
  "effect-6edd7eda-6dd8-40f7-810d-67160c639cd9": {
3894
  "type": "String",
3895
  "metadata": {
3896
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3897
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3898
  },
3899
  "allowedValues": [
3900
  "AuditIfNotExists",
@@ -3916,9 +3920,9 @@
3916
  },
3917
  "effect-bfecdea6-31c4-4045-ad42-71b9dc87247d": {
3918
  "type": "String",
3919
  "metadata": {
3920
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3921
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3922
  },
3923
  "allowedValues": [
3924
  "Audit",
@@ -3929,9 +3933,9 @@
3929
  },
3930
  "effect-7595c971-233d-4bcf-bd18-596129188c49": {
3931
  "type": "String",
3932
  "metadata": {
3933
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3934
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3935
  },
3936
  "allowedValues": [
3937
  "AuditIfNotExists",
@@ -3941,9 +3945,9 @@
3941
  },
3942
  "effect-19dd1db6-f442-49cf-a838-b0786b4401ef": {
3943
  "type": "String",
3944
  "metadata": {
3945
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3946
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3947
  },
3948
  "allowedValues": [
3949
  "AuditIfNotExists",
@@ -3953,9 +3957,9 @@
3953
  },
3954
  "effect-d9844e8a-1437-4aeb-a32c-0c992f056095": {
3955
  "type": "String",
3956
  "metadata": {
3957
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3958
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3959
  },
3960
  "allowedValues": [
3961
  "Audit",
@@ -3966,9 +3970,9 @@
3966
  },
3967
  "effect-72d11df1-dd8a-41f7-8925-b05b960ebafc": {
3968
  "type": "String",
3969
  "metadata": {
3970
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3971
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3972
  },
3973
  "allowedValues": [
3974
  "Audit",
@@ -3978,9 +3982,9 @@
3978
  },
3979
  "effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9": {
3980
  "type": "String",
3981
  "metadata": {
3982
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
3983
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3984
  },
3985
  "allowedValues": [
3986
  "Audit",
@@ -4011,9 +4015,9 @@
4011
  },
4012
  "effect-ee984370-154a-4ee8-9726-19d900e56fc0": {
4013
  "type": "String",
4014
  "metadata": {
4015
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4016
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4017
  },
4018
  "allowedValues": [
4019
  "AuditIfNotExists",
@@ -4023,9 +4027,9 @@
4023
  },
4024
  "effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9": {
4025
  "type": "String",
4026
  "metadata": {
4027
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4028
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4029
  },
4030
  "allowedValues": [
4031
  "AuditIfNotExists",
@@ -4035,9 +4039,9 @@
4035
  },
4036
  "effect-1f90fc71-a595-4066-8974-d4d0802e8ef0": {
4037
  "type": "String",
4038
  "metadata": {
4039
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4040
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4041
  },
4042
  "allowedValues": [
4043
  "AuditIfNotExists",
@@ -4047,9 +4051,9 @@
4047
  },
4048
  "effect-f85bf3e0-d513-442e-89c3-1784ad63382b": {
4049
  "type": "String",
4050
  "metadata": {
4051
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4052
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4053
  },
4054
  "allowedValues": [
4055
  "AuditIfNotExists",
@@ -4059,9 +4063,9 @@
4059
  },
4060
  "effect-78215662-041e-49ed-a9dd-5385911b3a1f": {
4061
  "type": "String",
4062
  "metadata": {
4063
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4064
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4065
  },
4066
  "allowedValues": [
4067
  "Audit",
@@ -4085,9 +4089,9 @@
4085
  },
4086
  "effect-da0f98fe-a24b-4ad5-af69-bd0400233661": {
4087
  "type": "String",
4088
  "metadata": {
4089
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4090
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4091
  },
4092
  "allowedValues": [
4093
  "AuditIfNotExists",
@@ -4097,9 +4101,9 @@
4097
  },
4098
  "effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd": {
4099
  "type": "String",
4100
  "metadata": {
4101
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4102
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4103
  },
4104
  "allowedValues": [
4105
  "AuditIfNotExists",
@@ -4122,9 +4126,9 @@
4122
  },
4123
  "effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38": {
4124
  "type": "String",
4125
  "metadata": {
4126
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4127
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4128
  },
4129
  "allowedValues": [
4130
  "AuditIfNotExists",
@@ -4134,9 +4138,9 @@
4134
  },
4135
  "effect-d550e854-df1a-4de9-bf44-cd894b39a95e": {
4136
  "type": "String",
4137
  "metadata": {
4138
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4139
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4140
  },
4141
  "allowedValues": [
4142
  "Audit",
@@ -4147,9 +4151,9 @@
4147
  },
4148
  "effect-1dc2fc00-2245-4143-99f4-874c937f13ef": {
4149
  "type": "String",
4150
  "metadata": {
4151
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4152
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4153
  },
4154
  "allowedValues": [
4155
  "Audit",
@@ -4160,9 +4164,9 @@
4160
  },
4161
  "effect-051cba44-2429-45b9-9649-46cec11c7119": {
4162
  "type": "String",
4163
  "metadata": {
4164
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4165
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4166
  },
4167
  "allowedValues": [
4168
  "Audit",
@@ -4172,9 +4176,9 @@
4172
  },
4173
  "effect-672fe5a1-2fcd-42d7-b85d-902b6e28c6ff": {
4174
  "type": "String",
4175
  "metadata": {
4176
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4177
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4178
  },
4179
  "allowedValues": [
4180
  "AuditIfNotExists",
@@ -4184,9 +4188,9 @@
4184
  },
4185
  "effect-e71308d3-144b-4262-b144-efdc3cc90517": {
4186
  "type": "String",
4187
  "metadata": {
4188
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4189
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4190
  },
4191
  "allowedValues": [
4192
  "AuditIfNotExists",
@@ -4196,9 +4200,9 @@
4196
  },
4197
  "effect-41425d9f-d1a5-499a-9932-f8ed8453932c": {
4198
  "type": "String",
4199
  "metadata": {
4200
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4201
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4202
  },
4203
  "allowedValues": [
4204
  "Audit",
@@ -4229,9 +4233,9 @@
4229
  },
4230
  "effect-5d4e3c65-4873-47be-94f3-6f8b953a3598": {
4231
  "type": "String",
4232
  "metadata": {
4233
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4234
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4235
  },
4236
  "allowedValues": [
4237
  "Audit",
@@ -4242,9 +4246,9 @@
4242
  },
4243
  "effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a": {
4244
  "type": "String",
4245
  "metadata": {
4246
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4247
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4248
  },
4249
  "allowedValues": [
4250
  "Audit",
@@ -4255,9 +4259,9 @@
4255
  },
4256
  "effect-fc4d8e41-e223-45ea-9bf5-eada37891d87": {
4257
  "type": "String",
4258
  "metadata": {
4259
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4260
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4261
  },
4262
  "allowedValues": [
4263
  "Audit",
@@ -4268,9 +4272,9 @@
4268
  },
4269
  "effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": {
4270
  "type": "String",
4271
  "metadata": {
4272
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4273
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4274
  },
4275
  "allowedValues": [
4276
  "Audit",
@@ -4281,9 +4285,9 @@
4281
  },
4282
  "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": {
4283
  "type": "String",
4284
  "metadata": {
4285
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4286
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4287
  },
4288
  "allowedValues": [
4289
  "AuditIfNotExists",
@@ -4293,9 +4297,9 @@
4293
  },
4294
  "effect-c3d20c29-b36d-48fe-808b-99a87530ad99": {
4295
  "type": "String",
4296
  "metadata": {
4297
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4298
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4299
  },
4300
  "allowedValues": [
4301
  "AuditIfNotExists",
@@ -4305,9 +4309,9 @@
4305
  },
4306
  "effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
4307
  "type": "String",
4308
  "metadata": {
4309
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4310
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4311
  },
4312
  "allowedValues": [
4313
  "AuditIfNotExists",
@@ -4325,9 +4329,9 @@
4325
  },
4326
  "effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
4327
  "type": "String",
4328
  "metadata": {
4329
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4330
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4331
  },
4332
  "allowedValues": [
4333
  "AuditIfNotExists",
@@ -4345,9 +4349,9 @@
4345
  },
4346
  "effect-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
4347
  "type": "String",
4348
  "metadata": {
4349
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4350
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4351
  },
4352
  "allowedValues": [
4353
  "AuditIfNotExists",
@@ -4375,9 +4379,9 @@
4375
  },
4376
  "effect-013e242c-8828-4970-87b3-ab247555486d": {
4377
  "type": "String",
4378
  "metadata": {
4379
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4380
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4381
  },
4382
  "allowedValues": [
4383
  "AuditIfNotExists",
@@ -4387,9 +4391,9 @@
4387
  },
4388
  "effect-6c53d030-cc64-46f0-906d-2bc061cd1334": {
4389
  "type": "String",
4390
  "metadata": {
4391
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4392
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4393
  },
4394
  "allowedValues": [
4395
  "Audit",
@@ -4400,9 +4404,9 @@
4400
  },
4401
  "effect-8405fdab-1faf-48aa-b702-999c9c172094": {
4402
  "type": "String",
4403
  "metadata": {
4404
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4405
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4406
  },
4407
  "allowedValues": [
4408
  "Audit",
@@ -4412,9 +4416,9 @@
4412
  },
4413
  "effect-fc5e4038-4584-4632-8c85-c0448d374b2c": {
4414
  "type": "String",
4415
  "metadata": {
4416
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4417
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4418
  },
4419
  "allowedValues": [
4420
  "AuditIfNotExists",
@@ -4424,9 +4428,9 @@
4424
  },
4425
  "effect-2154edb9-244f-4741-9970-660785bccdaa": {
4426
  "type": "String",
4427
  "metadata": {
4428
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4429
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4430
  },
4431
  "allowedValues": [
4432
  "Audit",
@@ -4449,9 +4453,9 @@
4449
  },
4450
  "effect-a6abeaec-4d90-4a02-805f-6b26c4d3fbe9": {
4451
  "type": "String",
4452
  "metadata": {
4453
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4454
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4455
  },
4456
  "allowedValues": [
4457
  "Audit",
@@ -4462,9 +4466,9 @@
4462
  },
4463
  "effect-b5ec538c-daa0-4006-8596-35468b9148e8": {
4464
  "type": "String",
4465
  "metadata": {
4466
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4467
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4468
  },
4469
  "allowedValues": [
4470
  "Audit",
@@ -4475,9 +4479,9 @@
4475
  },
4476
  "effect-037eea7a-bd0a-46c5-9a66-03aea78705d3": {
4477
  "type": "String",
4478
  "metadata": {
4479
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4480
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4481
  },
4482
  "allowedValues": [
4483
  "Audit",
@@ -4488,9 +4492,9 @@
4488
  },
4489
  "effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7": {
4490
  "type": "String",
4491
  "metadata": {
4492
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4493
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4494
  },
4495
  "allowedValues": [
4496
  "Audit",
@@ -4501,9 +4505,9 @@
4501
  },
4502
  "effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d": {
4503
  "type": "String",
4504
  "metadata": {
4505
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4506
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4507
  },
4508
  "allowedValues": [
4509
  "AuditIfNotExists",
@@ -4513,9 +4517,9 @@
4513
  },
4514
  "effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8": {
4515
  "type": "String",
4516
  "metadata": {
4517
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4518
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4519
  },
4520
  "allowedValues": [
4521
  "Audit",
@@ -4548,9 +4552,9 @@
4548
  },
4549
  "effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2": {
4550
  "type": "String",
4551
  "metadata": {
4552
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4553
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4554
  },
4555
  "allowedValues": [
4556
  "AuditIfNotExists",
@@ -4582,9 +4586,9 @@
4582
  },
4583
  "effect-237b38db-ca4d-4259-9e47-7882441ca2c0": {
4584
  "type": "String",
4585
  "metadata": {
4586
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4587
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4588
  },
4589
  "allowedValues": [
4590
  "AuditIfNotExists",
@@ -4602,9 +4606,9 @@
4602
  },
4603
  "effect-0a075868-4c26-42ef-914c-5bc007359560": {
4604
  "type": "String",
4605
  "metadata": {
4606
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4607
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4608
  },
4609
  "allowedValues": [
4610
  "Audit",
@@ -4615,9 +4619,9 @@
4615
  },
4616
  "effect-56fd377d-098c-4f02-8406-81eb055902b8": {
4617
  "type": "String",
4618
  "metadata": {
4619
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4620
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4621
  },
4622
  "allowedValues": [
4623
  "Audit",
@@ -4627,9 +4631,9 @@
4627
  },
4628
  "effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d": {
4629
  "type": "String",
4630
  "metadata": {
4631
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4632
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4633
  },
4634
  "allowedValues": [
4635
  "AuditIfNotExists",
@@ -4655,9 +4659,9 @@
4655
  },
4656
  "effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
4657
  "type": "String",
4658
  "metadata": {
4659
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4660
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4661
  },
4662
  "allowedValues": [
4663
  "AuditIfNotExists",
@@ -4667,9 +4671,9 @@
4667
  },
4668
  "effect-deeddb44-9f94-4903-9fa0-081d524406e3": {
4669
  "type": "String",
4670
  "metadata": {
4671
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4672
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4673
  },
4674
  "allowedValues": [
4675
  "Audit",
@@ -4679,9 +4683,9 @@
4679
  },
4680
  "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": {
4681
  "type": "String",
4682
  "metadata": {
4683
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4684
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4685
  },
4686
  "allowedValues": [
4687
  "AuditIfNotExists",
@@ -4691,9 +4695,9 @@
4691
  },
4692
  "effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": {
4693
  "type": "String",
4694
  "metadata": {
4695
- "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
4696
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4697
  },
4698
  "allowedValues": [
4699
  "AuditIfNotExists",
@@ -5549,19 +5553,8 @@
5549
  "EU_GDPR_2016_679_Art._32"
5550
  ]
5551
  },
5552
  {
5553
- "policyDefinitionReferenceId": "497dff13-db2a-4c0f-8603-28fa3b331ab6",
5554
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6",
5555
- "definitionVersion": "4.*.*",
5556
- "groupNames": [
5557
- "EU_GDPR_2016_679_Art._24",
5558
- "EU_GDPR_2016_679_Art._25",
5559
- "EU_GDPR_2016_679_Art._28",
5560
- "EU_GDPR_2016_679_Art._32"
5561
- ]
5562
- },
5563
- {
5564
  "policyDefinitionReferenceId": "87845465-c458-45f3-af66-dcd62176f397",
5565
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397",
5566
  "definitionVersion": "3.*.*",
5567
  "parameters": {
@@ -5703,19 +5696,8 @@
5703
  "EU_GDPR_2016_679_Art._32"
5704
  ]
5705
  },
5706
  {
5707
- "policyDefinitionReferenceId": "331e8ea8-378a-410f-a2e5-ae22f38bb0da",
5708
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
5709
- "definitionVersion": "3.*.*",
5710
- "groupNames": [
5711
- "EU_GDPR_2016_679_Art._24",
5712
- "EU_GDPR_2016_679_Art._25",
5713
- "EU_GDPR_2016_679_Art._28",
5714
- "EU_GDPR_2016_679_Art._32"
5715
- ]
5716
- },
5717
- {
5718
  "policyDefinitionReferenceId": "f71be03e-e25b-4d0f-b8bc-9b3e309b66c0",
5719
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0",
5720
  "definitionVersion": "3.*.*",
5721
  "parameters": {
@@ -5819,20 +5801,8 @@
5819
  "EU_GDPR_2016_679_Art._32"
5820
  ]
5821
  },
5822
  {
5823
- "policyDefinitionReferenceId": "35f9c03a-cc27-418e-9c0c-539ff999d010",
5824
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010",
5825
- "definitionVersion": "1.*.*",
5826
- "parameters": {},
5827
- "groupNames": [
5828
- "EU_GDPR_2016_679_Art._24",
5829
- "EU_GDPR_2016_679_Art._25",
5830
- "EU_GDPR_2016_679_Art._28",
5831
- "EU_GDPR_2016_679_Art._32"
5832
- ]
5833
- },
5834
- {
5835
  "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0",
5836
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0",
5837
  "definitionVersion": "1.*.*",
5838
  "parameters": {
@@ -5863,20 +5833,8 @@
5863
  "EU_GDPR_2016_679_Art._32"
5864
  ]
5865
  },
5866
  {
5867
- "policyDefinitionReferenceId": "a9b99dd8-06c5-4317-8629-9d86a3c6e7d9",
5868
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9",
5869
- "definitionVersion": "1.*.*",
5870
- "parameters": {},
5871
- "groupNames": [
5872
- "EU_GDPR_2016_679_Art._24",
5873
- "EU_GDPR_2016_679_Art._25",
5874
- "EU_GDPR_2016_679_Art._28",
5875
- "EU_GDPR_2016_679_Art._32"
5876
- ]
5877
- },
5878
- {
5879
  "policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
5880
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
5881
  "definitionVersion": "2.*.*",
5882
  "parameters": {
@@ -6690,19 +6648,8 @@
6690
  "EU_GDPR_2016_679_Art._32"
6691
  ]
6692
  },
6693
  {
6694
- "policyDefinitionReferenceId": "385f5831-96d4-41db-9a3c-cd3af78aaae6",
6695
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
6696
- "definitionVersion": "1.*.*",
6697
- "groupNames": [
6698
- "EU_GDPR_2016_679_Art._24",
6699
- "EU_GDPR_2016_679_Art._25",
6700
- "EU_GDPR_2016_679_Art._28",
6701
- "EU_GDPR_2016_679_Art._32"
6702
- ]
6703
- },
6704
- {
6705
  "policyDefinitionReferenceId": "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
6706
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
6707
  "definitionVersion": "1.*.*",
6708
  "parameters": {
@@ -7497,27 +7444,8 @@
7497
  "EU_GDPR_2016_679_Art._32"
7498
  ]
7499
  },
7500
  {
7501
- "policyDefinitionReferenceId": "c9c29499-c1d1-4195-99bd-2ec9e3a9dc89",
7502
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89",
7503
- "definitionVersion": "2.*.*",
7504
- "parameters": {
7505
- "storagePrefix": {
7506
- "value": "[parameters('storagePrefix-c9c29499-c1d1-4195-99bd-2ec9e3a9dc89')]"
7507
- },
7508
- "rgName": {
7509
- "value": "[parameters('rgName-c9c29499-c1d1-4195-99bd-2ec9e3a9dc89')]"
7510
- }
7511
- },
7512
- "groupNames": [
7513
- "EU_GDPR_2016_679_Art._24",
7514
- "EU_GDPR_2016_679_Art._25",
7515
- "EU_GDPR_2016_679_Art._28",
7516
- "EU_GDPR_2016_679_Art._32"
7517
- ]
7518
- },
7519
- {
7520
  "policyDefinitionReferenceId": "5752e6d6-1206-46d8-8ab1-ecc2f71a8112",
7521
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112",
7522
  "definitionVersion": "4.*.*",
7523
  "parameters": {
@@ -8078,19 +8006,8 @@
8078
  "EU_GDPR_2016_679_Art._32"
8079
  ]
8080
  },
8081
  {
8082
- "policyDefinitionReferenceId": "3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
8083
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
8084
- "definitionVersion": "4.*.*",
8085
- "groupNames": [
8086
- "EU_GDPR_2016_679_Art._24",
8087
- "EU_GDPR_2016_679_Art._25",
8088
- "EU_GDPR_2016_679_Art._28",
8089
- "EU_GDPR_2016_679_Art._32"
8090
- ]
8091
- },
8092
- {
8093
  "policyDefinitionReferenceId": "d63edb4a-c612-454d-b47d-191a724fcbf0",
8094
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0",
8095
  "definitionVersion": "1.*.*",
8096
  "parameters": {
@@ -8482,20 +8399,8 @@
8482
  "EU_GDPR_2016_679_Art._32"
8483
  ]
8484
  },
8485
  {
8486
- "policyDefinitionReferenceId": "2835b622-407b-4114-9198-6f7064cbe0dc",
8487
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc",
8488
- "definitionVersion": "1.*.*",
8489
- "parameters": {},
8490
- "groupNames": [
8491
- "EU_GDPR_2016_679_Art._24",
8492
- "EU_GDPR_2016_679_Art._25",
8493
- "EU_GDPR_2016_679_Art._28",
8494
- "EU_GDPR_2016_679_Art._32"
8495
- ]
8496
- },
8497
- {
8498
  "policyDefinitionReferenceId": "0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
8499
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
8500
  "definitionVersion": "1.*.*",
8501
  "parameters": {
@@ -9867,8 +9772,10 @@
9867
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/EU_GDPR_2016_679_Art._34"
9868
  }
9869
  ],
9870
  "versions": [
 
 
9871
  "1.3.0",
9872
  "1.2.0",
9873
  "1.1.0",
9874
  "1.0.0"
 
1
  {
2
  "displayName": "EU General Data Protection Regulation (GDPR) 2016/679",
3
  "description": "Comprehensive data protection law regulating personal data processing within the EU.",
4
  "metadata": {
5
+ "version": "1.4.0",
6
  "category": "Regulatory Compliance"
7
  },
8
+ "version": "1.4.0",
9
  "parameters": {
10
  "effect-45e05259-1eb5-4f70-9574-baf73e9d219b": {
11
  "type": "String",
12
  "metadata": {
13
+ "displayName": "Effect for policy: Azure Machine Learning workspaces should use private link",
14
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
15
  },
16
  "allowedValues": [
17
  "Audit",
 
21
  },
22
  "effect-81e74cea-30fd-40d5-802f-d72103c2aaaa": {
23
  "type": "String",
24
  "metadata": {
25
+ "displayName": "Effect for policy: Azure Data Explorer encryption at rest should use a customer-managed key",
26
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
27
  },
28
  "allowedValues": [
29
  "Audit",
 
34
  },
35
  "effect-f655e522-adff-494d-95c2-52d4f6d56a42": {
36
  "type": "String",
37
  "metadata": {
38
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Windows virtual machines scale sets",
39
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
40
  },
41
  "allowedValues": [
42
  "AuditIfNotExists",
 
46
  },
47
  "effect-40e85574-ef33-47e8-a854-7a65c7500560": {
48
  "type": "String",
49
  "metadata": {
50
+ "displayName": "Effect for policy: Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled",
51
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
52
  },
53
  "allowedValues": [
54
  "AuditIfNotExists",
 
58
  },
59
  "effect-fa298e57-9444-42ba-bf04-86e8470e32c7": {
60
  "type": "String",
61
  "metadata": {
62
+ "displayName": "Effect for policy: Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption",
63
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
64
  },
65
  "allowedValues": [
66
  "Audit",
 
71
  },
72
  "effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0": {
73
  "type": "String",
74
  "metadata": {
75
+ "displayName": "Effect for policy: Service Fabric clusters should only use Azure Active Directory for client authentication",
76
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
77
  },
78
  "allowedValues": [
79
  "Audit",
 
97
  },
98
  "effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
99
  "type": "String",
100
  "metadata": {
101
+ "displayName": "Effect for policy: Audit Linux machines that allow remote connections from accounts without passwords",
102
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
103
  },
104
  "allowedValues": [
105
  "AuditIfNotExists",
 
109
  },
110
  "effect-df39c015-56a4-45de-b4a3-efe77bed320d": {
111
  "type": "String",
112
  "metadata": {
113
+ "displayName": "Effect for policy: IoT Hub device provisioning service instances should use private link",
114
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
115
  },
116
  "allowedValues": [
117
  "Audit",
 
121
  },
122
  "effect-3b980d31-7904-4bb7-8575-5665739a8052": {
123
  "type": "String",
124
  "metadata": {
125
+ "displayName": "Effect for policy: An activity log alert should exist for specific Security operations",
126
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
127
  },
128
  "allowedValues": [
129
  "AuditIfNotExists",
 
145
  },
146
  "effect-c251913d-7d24-4958-af87-478ed3b9ba41": {
147
  "type": "String",
148
  "metadata": {
149
+ "displayName": "Effect for policy: Flow logs should be configured for every network security group",
150
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
151
  },
152
  "allowedValues": [
153
  "Audit",
 
157
  },
158
  "effect-47031206-ce96-41f8-861b-6a915f3de284": {
159
  "type": "String",
160
  "metadata": {
161
+ "displayName": "Effect for policy: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK)",
162
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
163
  },
164
  "allowedValues": [
165
  "Audit",
 
170
  },
171
  "effect-6b2122c1-8120-4ff5-801b-17625a355590": {
172
  "type": "String",
173
  "metadata": {
174
+ "displayName": "Effect for policy: Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed",
175
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
176
  },
177
  "allowedValues": [
178
  "AuditIfNotExists",
 
182
  },
183
  "effect-2e94d99a-8a36-4563-bc77-810d8893b671": {
184
  "type": "String",
185
  "metadata": {
186
+ "displayName": "Effect for policy: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data",
187
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
188
  },
189
  "allowedValues": [
190
  "Audit",
 
207
  },
208
  "effect-a1817ec0-a368-432a-8057-8371e17ac6ee": {
209
  "type": "String",
210
  "metadata": {
211
+ "displayName": "Effect for policy: All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace",
212
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
213
  },
214
  "allowedValues": [
215
  "Audit",
 
220
  },
221
  "effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
222
  "type": "String",
223
  "metadata": {
224
+ "displayName": "Effect for policy: Azure Defender for App Service should be enabled",
225
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
226
  },
227
  "allowedValues": [
228
  "AuditIfNotExists",
 
232
  },
233
  "effect-0a15ec92-a229-4763-bb14-0ea34a568f8d": {
234
  "type": "String",
235
  "metadata": {
236
+ "displayName": "Effect for policy: Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters",
237
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
238
  },
239
  "allowedValues": [
240
  "Audit",
 
244
  },
245
  "effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": {
246
  "type": "String",
247
  "metadata": {
248
+ "displayName": "Effect for policy: Function apps should have remote debugging turned off",
249
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
250
  },
251
  "allowedValues": [
252
  "AuditIfNotExists",
 
256
  },
257
  "effect-a2a5b911-5617-447e-a49e-59dbe0e0434b": {
258
  "type": "String",
259
  "metadata": {
260
+ "displayName": "Effect for policy: Resource logs in Azure Key Vault Managed HSM should be enabled",
261
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
262
  },
263
  "allowedValues": [
264
  "AuditIfNotExists",
 
276
  },
277
  "effect-7804b5c7-01dc-4723-969b-ae300cc07ff1": {
278
  "type": "String",
279
  "metadata": {
280
+ "displayName": "Effect for policy: Azure Machine Learning Computes should be in a virtual network",
281
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
282
  },
283
  "allowedValues": [
284
  "Audit",
 
288
  },
289
  "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": {
290
  "type": "String",
291
  "metadata": {
292
+ "displayName": "Effect for policy: Azure Web Application Firewall should be enabled for Azure Front Door entry-points",
293
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
294
  },
295
  "allowedValues": [
296
  "Audit",
 
301
  },
302
  "effect-3e596b57-105f-48a6-be97-03e9243bad6e": {
303
  "type": "String",
304
  "metadata": {
305
+ "displayName": "Effect for policy: Azure Monitor solution 'Security and Audit' must be deployed",
306
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
307
  },
308
  "allowedValues": [
309
  "AuditIfNotExists",
 
313
  },
314
  "effect-3dc5edcd-002d-444c-b216-e123bbfa37c0": {
315
  "type": "String",
316
  "metadata": {
317
+ "displayName": "Effect for policy: Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost.",
318
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
319
  },
320
  "allowedValues": [
321
  "AuditIfNotExists",
 
325
  },
326
  "effect-8af8f826-edcb-4178-b35f-851ea6fea615": {
327
  "type": "String",
328
  "metadata": {
329
+ "displayName": "Effect for policy: Azure Container Instance container group should deploy into a virtual network",
330
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
331
  },
332
  "allowedValues": [
333
  "Audit",
 
338
  },
339
  "effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5": {
340
  "type": "String",
341
  "metadata": {
342
+ "displayName": "Effect for policy: Audit usage of custom RBAC roles",
343
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
344
  },
345
  "allowedValues": [
346
  "Audit",
 
350
  },
351
  "effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d": {
352
  "type": "String",
353
  "metadata": {
354
+ "displayName": "Effect for policy: Virtual machines should be migrated to new Azure Resource Manager resources",
355
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
356
  },
357
  "allowedValues": [
358
  "Audit",
 
363
  },
364
  "effect-7ff426e2-515f-405a-91c8-4f2333442eb5": {
365
  "type": "String",
366
  "metadata": {
367
+ "displayName": "Effect for policy: SQL Auditing settings should have Action-Groups configured to capture critical activities",
368
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
369
  },
370
  "allowedValues": [
371
  "AuditIfNotExists",
 
375
  },
376
  "effect-71ef260a-8f18-47b7-abcb-62d0673d94dc": {
377
  "type": "String",
378
  "metadata": {
379
+ "displayName": "Effect for policy: Azure AI Services resources should have key access disabled (disable local authentication)",
380
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
381
  },
382
  "allowedValues": [
383
  "Audit",
 
388
  },
389
  "effect-e8eef0a8-67cf-4eb4-9386-14b0e78733d4": {
390
  "type": "String",
391
  "metadata": {
392
+ "displayName": "Effect for policy: Container registries should use private link",
393
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
394
  },
395
  "allowedValues": [
396
  "Audit",
 
400
  },
401
  "effect-98728c90-32c7-4049-8429-847dc0f4fe37": {
402
  "type": "String",
403
  "metadata": {
404
+ "displayName": "Effect for policy: Key Vault secrets should have an expiration date",
405
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
406
  },
407
  "allowedValues": [
408
  "Audit",
 
413
  },
414
  "effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2": {
415
  "type": "String",
416
  "metadata": {
417
+ "displayName": "Effect for policy: Cosmos DB database accounts should have local authentication methods disabled",
418
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
419
  },
420
  "allowedValues": [
421
  "Audit",
 
447
  },
448
  "effect-33936777-f2ac-45aa-82ec-07958ec9ade4": {
449
  "type": "String",
450
  "metadata": {
451
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Audit'",
452
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
453
  },
454
  "allowedValues": [
455
  "AuditIfNotExists",
 
459
  },
460
  "effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
461
  "type": "String",
462
  "metadata": {
463
+ "displayName": "Effect for policy: Resource logs in Event Hub should be enabled",
464
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
465
  },
466
  "allowedValues": [
467
  "AuditIfNotExists",
 
479
  },
480
  "effect-f9d614c5-c173-4d56-95a7-b4437057d193": {
481
  "type": "String",
482
  "metadata": {
483
+ "displayName": "Effect for policy: Function apps should use the latest TLS version",
484
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
485
  },
486
  "allowedValues": [
487
  "AuditIfNotExists",
 
491
  },
492
  "effect-3ac7c827-eea2-4bde-acc7-9568cd320efa": {
493
  "type": "String",
494
  "metadata": {
495
+ "displayName": "Effect for policy: Machines should have secret findings resolved",
496
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
497
  },
498
  "allowedValues": [
499
  "AuditIfNotExists",
 
503
  },
504
  "effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d": {
505
  "type": "String",
506
  "metadata": {
507
+ "displayName": "Effect for policy: Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK)",
508
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
509
  },
510
  "allowedValues": [
511
  "Audit",
 
541
  },
542
  "effect-4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b": {
543
  "type": "String",
544
  "metadata": {
545
+ "displayName": "Effect for policy: App Service apps should require FTPS only",
546
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
547
  },
548
  "allowedValues": [
549
  "AuditIfNotExists",
 
553
  },
554
  "effect-18adea5e-f416-4d0f-8aa8-d24321e3e274": {
555
  "type": "String",
556
  "metadata": {
557
+ "displayName": "Effect for policy: PostgreSQL servers should use customer-managed keys to encrypt data at rest",
558
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
559
  },
560
  "allowedValues": [
561
  "AuditIfNotExists",
 
565
  },
566
  "effect-0e246bcf-5f6f-4f87-bc6f-775d4712c7ea": {
567
  "type": "String",
568
  "metadata": {
569
+ "displayName": "Effect for policy: Authorized IP ranges should be defined on Kubernetes Services",
570
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
571
  },
572
  "allowedValues": [
573
  "Audit",
 
577
  },
578
  "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
579
  "type": "String",
580
  "metadata": {
581
+ "displayName": "Effect for policy: Key Vault keys should have an expiration date",
582
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
583
  },
584
  "allowedValues": [
585
  "Audit",
 
590
  },
591
  "effect-0fdf0491-d080-4575-b627-ad0e843cba0f": {
592
  "type": "String",
593
  "metadata": {
594
+ "displayName": "Effect for policy: Public network access should be disabled for Container registries",
595
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
596
  },
597
  "allowedValues": [
598
  "Audit",
 
603
  },
604
  "effect-a4af4a39-4135-47fb-b175-47fbdf85311d": {
605
  "type": "String",
606
  "metadata": {
607
+ "displayName": "Effect for policy: App Service apps should only be accessible over HTTPS",
608
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
609
  },
610
  "allowedValues": [
611
  "Audit",
 
616
  },
617
  "effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6": {
618
  "type": "String",
619
  "metadata": {
620
+ "displayName": "Effect for policy: Resource logs in Azure Machine Learning Workspaces should be enabled",
621
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
622
  },
623
  "allowedValues": [
624
  "AuditIfNotExists",
 
636
  },
637
  "effect-404c3081-a854-4457-ae30-26a93ef643f9": {
638
  "type": "String",
639
  "metadata": {
640
+ "displayName": "Effect for policy: Secure transfer to storage accounts should be enabled",
641
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
642
  },
643
  "allowedValues": [
644
  "Audit",
 
649
  },
650
  "effect-f7d52b2d-e161-4dfa-a82b-55e564167385": {
651
  "type": "String",
652
  "metadata": {
653
+ "displayName": "Effect for policy: Azure Synapse workspaces should use customer-managed keys to encrypt data at rest",
654
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
655
  },
656
  "allowedValues": [
657
  "Audit",
 
662
  },
663
  "effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67": {
664
  "type": "String",
665
  "metadata": {
666
+ "displayName": "Effect for policy: Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys",
667
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
668
  },
669
  "allowedValues": [
670
  "Audit",
 
675
  },
676
  "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
677
  "type": "String",
678
  "metadata": {
679
+ "displayName": "Effect for policy: Vulnerability assessment should be enabled on your SQL servers",
680
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
681
  },
682
  "allowedValues": [
683
  "AuditIfNotExists",
 
687
  },
688
  "effect-295fc8b1-dc9f-4f53-9c61-3f313ceab40a": {
689
  "type": "String",
690
  "metadata": {
691
+ "displayName": "Effect for policy: Service Bus Premium namespaces should use a customer-managed key for encryption",
692
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
693
  },
694
  "allowedValues": [
695
  "Audit",
 
699
  },
700
  "effect-0049a6b3-a662-4f3e-8635-39cf44ace45a": {
701
  "type": "String",
702
  "metadata": {
703
+ "displayName": "Effect for policy: Vulnerability assessment should be enabled on your Synapse workspaces",
704
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
705
  },
706
  "allowedValues": [
707
  "AuditIfNotExists",
 
724
  },
725
  "effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
726
  "type": "String",
727
  "metadata": {
728
+ "displayName": "Effect for policy: Linux machines should meet requirements for the Azure compute security baseline",
729
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
730
  },
731
  "allowedValues": [
732
  "AuditIfNotExists",
 
736
  },
737
  "effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": {
738
  "type": "String",
739
  "metadata": {
740
+ "displayName": "Effect for policy: Enforce SSL connection should be enabled for MySQL database servers",
741
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
742
  },
743
  "allowedValues": [
744
  "Audit",
 
748
  },
749
  "effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": {
750
  "type": "String",
751
  "metadata": {
752
+ "displayName": "Effect for policy: Enforce SSL connection should be enabled for PostgreSQL database servers",
753
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
754
  },
755
  "allowedValues": [
756
  "Audit",
 
773
  },
774
  "effect-87845465-c458-45f3-af66-dcd62176f397": {
775
  "type": "String",
776
  "metadata": {
777
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Privilege Use'",
778
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
779
  },
780
  "allowedValues": [
781
  "AuditIfNotExists",
 
785
  },
786
  "effect-efbde977-ba53-4479-b8e9-10b957924fbf": {
787
  "type": "String",
788
  "metadata": {
789
+ "displayName": "Effect for policy: The Log Analytics extension should be installed on Virtual Machine Scale Sets",
790
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
791
  },
792
  "allowedValues": [
793
  "AuditIfNotExists",
 
810
  },
811
  "effect-e6955644-301c-44b5-a4c4-528577de6861": {
812
  "type": "String",
813
  "metadata": {
814
+ "displayName": "Effect for policy: Audit Linux machines that do not have the passwd file permissions set to 0644",
815
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
816
  },
817
  "allowedValues": [
818
  "AuditIfNotExists",
 
835
  },
836
  "effect-630c64f9-8b6b-4c64-b511-6544ceff6fd6": {
837
  "type": "String",
838
  "metadata": {
839
+ "displayName": "Effect for policy: Authentication to Linux machines should require SSH keys",
840
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
841
  },
842
  "allowedValues": [
843
  "AuditIfNotExists",
 
872
  },
873
  "effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40": {
874
  "type": "String",
875
  "metadata": {
876
+ "displayName": "Effect for policy: Windows Defender Exploit Guard should be enabled on your machines",
877
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
878
  },
879
  "allowedValues": [
880
  "AuditIfNotExists",
 
884
  },
885
  "effect-1b8ca024-1d5c-4dec-8995-b1a932b41780": {
886
  "type": "String",
887
  "metadata": {
888
+ "displayName": "Effect for policy: Public network access on Azure SQL Database should be disabled",
889
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
890
  },
891
  "allowedValues": [
892
  "Audit",
 
897
  },
898
  "effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": {
899
  "type": "String",
900
  "metadata": {
901
+ "displayName": "Effect for policy: Function apps should use managed identity",
902
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
903
  },
904
  "allowedValues": [
905
  "AuditIfNotExists",
 
909
  },
910
  "effect-f4b53539-8df9-40e4-86c6-6b607703bd4e": {
911
  "type": "String",
912
  "metadata": {
913
+ "displayName": "Effect for policy: Disk encryption should be enabled on Azure Data Explorer",
914
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
915
  },
916
  "allowedValues": [
917
  "Audit",
 
943
  },
944
  "effect-f71be03e-e25b-4d0f-b8bc-9b3e309b66c0": {
945
  "type": "String",
946
  "metadata": {
947
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Recovery console'",
948
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
949
  },
950
  "allowedValues": [
951
  "AuditIfNotExists",
 
955
  },
956
  "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
957
  "type": "String",
958
  "metadata": {
959
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
960
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
961
  },
962
  "allowedValues": [
963
  "AuditIfNotExists",
 
967
  },
968
  "effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb": {
969
  "type": "String",
970
  "metadata": {
971
+ "displayName": "Effect for policy: Azure Cosmos DB accounts should have firewall rules",
972
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
973
  },
974
  "allowedValues": [
975
  "Audit",
 
980
  },
981
  "effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6": {
982
  "type": "String",
983
  "metadata": {
984
+ "displayName": "Effect for policy: Azure Container Instance container group should use customer-managed key for encryption",
985
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
986
  },
987
  "allowedValues": [
988
  "Audit",
 
993
  },
994
  "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": {
995
  "type": "String",
996
  "metadata": {
997
+ "displayName": "Effect for policy: App Service apps should use the latest TLS version",
998
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
999
  },
1000
  "allowedValues": [
1001
  "AuditIfNotExists",
 
1024
  },
1025
  "effect-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
1026
  "type": "String",
1027
  "metadata": {
1028
+ "displayName": "Effect for policy: Keys should be the specified cryptographic type RSA or EC",
1029
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1030
  },
1031
  "allowedValues": [
1032
  "Audit",
 
1037
  },
1038
  "effect-0ec47710-77ff-4a3d-9181-6aa50af424d0": {
1039
  "type": "String",
1040
  "metadata": {
1041
+ "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for MariaDB",
1042
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1043
  },
1044
  "allowedValues": [
1045
  "Audit",
 
1049
  },
1050
  "effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57": {
1051
  "type": "String",
1052
  "metadata": {
1053
+ "displayName": "Effect for policy: Microsoft Antimalware for Azure should be configured to automatically update protection signatures",
1054
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1055
  },
1056
  "allowedValues": [
1057
  "AuditIfNotExists",
 
1081
  },
1082
  "effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7": {
1083
  "type": "String",
1084
  "metadata": {
1085
+ "displayName": "Effect for policy: Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",
1086
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1087
  },
1088
  "allowedValues": [
1089
  "AuditIfNotExists",
 
1093
  },
1094
  "effect-428256e6-1fac-4f48-a757-df34c2b3336d": {
1095
  "type": "String",
1096
  "metadata": {
1097
+ "displayName": "Effect for policy: Resource logs in Batch accounts should be enabled",
1098
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1099
  },
1100
  "allowedValues": [
1101
  "AuditIfNotExists",
 
1113
  },
1114
  "effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8": {
1115
  "type": "String",
1116
  "metadata": {
1117
+ "displayName": "Effect for policy: Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation",
1118
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1119
  },
1120
  "allowedValues": [
1121
  "Audit",
 
1126
  },
1127
  "effect-797b37f7-06b8-444c-b1ad-fc62867f335a": {
1128
  "type": "String",
1129
  "metadata": {
1130
+ "displayName": "Effect for policy: Azure Cosmos DB should disable public network access",
1131
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1132
  },
1133
  "allowedValues": [
1134
  "Audit",
 
1139
  },
1140
  "effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": {
1141
  "type": "String",
1142
  "metadata": {
1143
+ "displayName": "Effect for policy: Only secure connections to your Azure Cache for Redis should be enabled",
1144
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1145
  },
1146
  "allowedValues": [
1147
  "Audit",
 
1152
  },
1153
  "effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
1154
  "type": "String",
1155
  "metadata": {
1156
+ "displayName": "Effect for policy: Email notification for high severity alerts should be enabled",
1157
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1158
  },
1159
  "allowedValues": [
1160
  "AuditIfNotExists",
 
1177
  },
1178
  "effect-94d9aca8-3757-46df-aa51-f218c5f11954": {
1179
  "type": "String",
1180
  "metadata": {
1181
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Account Management'",
1182
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1183
  },
1184
  "allowedValues": [
1185
  "AuditIfNotExists",
 
1189
  },
1190
  "effect-9daedab3-fb2d-461e-b861-71790eead4f6": {
1191
  "type": "String",
1192
  "metadata": {
1193
+ "displayName": "Effect for policy: All network ports should be restricted on network security groups associated to your virtual machine",
1194
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1195
  },
1196
  "allowedValues": [
1197
  "AuditIfNotExists",
 
1201
  },
1202
  "effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54": {
1203
  "type": "String",
1204
  "metadata": {
1205
+ "displayName": "Effect for policy: Storage accounts should prevent shared key access",
1206
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1207
  },
1208
  "allowedValues": [
1209
  "Audit",
 
1214
  },
1215
  "effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb": {
1216
  "type": "String",
1217
  "metadata": {
1218
+ "displayName": "Effect for policy: App Service apps should use a virtual network service endpoint",
1219
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1220
  },
1221
  "allowedValues": [
1222
  "AuditIfNotExists",
 
1226
  },
1227
  "effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b": {
1228
  "type": "String",
1229
  "metadata": {
1230
+ "displayName": "Effect for policy: Azure Automation accounts should use customer-managed keys to encrypt data at rest",
1231
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1232
  },
1233
  "allowedValues": [
1234
  "Audit",
 
1274
  },
1275
  "effect-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
1276
  "type": "String",
1277
  "metadata": {
1278
+ "displayName": "Effect for policy: Audit Windows machines that do not have the password complexity setting enabled",
1279
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1280
  },
1281
  "allowedValues": [
1282
  "AuditIfNotExists",
 
1286
  },
1287
  "effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f": {
1288
  "type": "String",
1289
  "metadata": {
1290
+ "displayName": "Effect for policy: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed",
1291
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1292
  },
1293
  "allowedValues": [
1294
  "AuditIfNotExists",
 
1298
  },
1299
  "effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515": {
1300
  "type": "String",
1301
  "metadata": {
1302
+ "displayName": "Effect for policy: Cognitive Services accounts should use customer owned storage",
1303
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1304
  },
1305
  "allowedValues": [
1306
  "Audit",
 
1311
  },
1312
  "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
1313
  "type": "String",
1314
  "metadata": {
1315
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected Azure SQL servers",
1316
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1317
  },
1318
  "allowedValues": [
1319
  "AuditIfNotExists",
 
1323
  },
1324
  "effect-91a78b24-f231-4a8a-8da9-02c35b2b6510": {
1325
  "type": "String",
1326
  "metadata": {
1327
+ "displayName": "Effect for policy: App Service apps should have resource logs enabled",
1328
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1329
  },
1330
  "allowedValues": [
1331
  "AuditIfNotExists",
 
1351
  },
1352
  "effect-d461a302-a187-421a-89ac-84acdb4edc04": {
1353
  "type": "String",
1354
  "metadata": {
1355
+ "displayName": "Effect for policy: Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption",
1356
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1357
  },
1358
  "allowedValues": [
1359
  "Audit",
 
1364
  },
1365
  "effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34": {
1366
  "type": "String",
1367
  "metadata": {
1368
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected MySQL flexible servers",
1369
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1370
  },
1371
  "allowedValues": [
1372
  "AuditIfNotExists",
 
1376
  },
1377
  "effect-ca91455f-eace-4f96-be59-e6e2c35b4816": {
1378
  "type": "String",
1379
  "metadata": {
1380
+ "displayName": "Effect for policy: Managed disks should be double encrypted with both platform-managed and customer-managed keys",
1381
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1382
  },
1383
  "allowedValues": [
1384
  "Audit",
 
1389
  },
1390
  "effect-f4826e5f-6a27-407c-ae3e-9582eb39891d": {
1391
  "type": "String",
1392
  "metadata": {
1393
+ "displayName": "Effect for policy: Authorization rules on the Event Hub instance should be defined",
1394
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1395
  },
1396
  "allowedValues": [
1397
  "AuditIfNotExists",
 
1401
  },
1402
  "effect-7803067c-7d34-46e3-8c79-0ca68fc4036d": {
1403
  "type": "String",
1404
  "metadata": {
1405
+ "displayName": "Effect for policy: Azure Cache for Redis should use private link",
1406
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1407
  },
1408
  "allowedValues": [
1409
  "AuditIfNotExists",
 
1413
  },
1414
  "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
1415
  "type": "String",
1416
  "metadata": {
1417
+ "displayName": "Effect for policy: Storage accounts should restrict network access",
1418
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1419
  },
1420
  "allowedValues": [
1421
  "Audit",
 
1426
  },
1427
  "effect-ab6a902f-9493-453b-928d-62c30b11b5a6": {
1428
  "type": "String",
1429
  "metadata": {
1430
+ "displayName": "Effect for policy: Function apps should have Client Certificates (Incoming client certificates) enabled",
1431
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1432
  },
1433
  "allowedValues": [
1434
  "AuditIfNotExists",
 
1438
  },
1439
  "effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606": {
1440
  "type": "String",
1441
  "metadata": {
1442
+ "displayName": "Effect for policy: Storage accounts should be migrated to new Azure Resource Manager resources",
1443
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1444
  },
1445
  "allowedValues": [
1446
  "Audit",
 
1451
  },
1452
  "effect-3d9f5e4c-9947-4579-9539-2a7695fbc187": {
1453
  "type": "String",
1454
  "metadata": {
1455
+ "displayName": "Effect for policy: App Configuration should disable public network access",
1456
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1457
  },
1458
  "allowedValues": [
1459
  "Audit",
 
1464
  },
1465
  "effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": {
1466
  "type": "String",
1467
  "metadata": {
1468
+ "displayName": "Effect for policy: Internet-facing virtual machines should be protected with network security groups",
1469
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1470
  },
1471
  "allowedValues": [
1472
  "AuditIfNotExists",
 
1476
  },
1477
  "effect-009a0c92-f5b4-4776-9b66-4ed2b4775563": {
1478
  "type": "String",
1479
  "metadata": {
1480
+ "displayName": "Effect for policy: Private endpoint connections on Batch accounts should be enabled",
1481
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1482
  },
1483
  "allowedValues": [
1484
  "AuditIfNotExists",
 
1488
  },
1489
  "effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7": {
1490
  "type": "String",
1491
  "metadata": {
1492
+ "displayName": "Effect for policy: Azure Stream Analytics jobs should use customer-managed keys to encrypt data",
1493
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1494
  },
1495
  "allowedValues": [
1496
  "Audit",
 
1501
  },
1502
  "effect-fb893a29-21bb-418c-a157-e99480ec364c": {
1503
  "type": "String",
1504
  "metadata": {
1505
+ "displayName": "Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version",
1506
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1507
  },
1508
  "allowedValues": [
1509
  "Audit",
 
1513
  },
1514
  "effect-2b9ad585-36bc-4615-b300-fd4435808332": {
1515
  "type": "String",
1516
  "metadata": {
1517
+ "displayName": "Effect for policy: App Service apps should use managed identity",
1518
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1519
  },
1520
  "allowedValues": [
1521
  "AuditIfNotExists",
 
1525
  },
1526
  "effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4": {
1527
  "type": "String",
1528
  "metadata": {
1529
+ "displayName": "Effect for policy: Azure Spring Cloud should use network injection",
1530
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1531
  },
1532
  "allowedValues": [
1533
  "Audit",
 
1553
  },
1554
  "effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234": {
1555
  "type": "String",
1556
  "metadata": {
1557
+ "displayName": "Effect for policy: Azure SignalR Service should use private link",
1558
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1559
  },
1560
  "allowedValues": [
1561
  "Audit",
 
1565
  },
1566
  "effect-b8564268-eb4a-4337-89be-a19db070c59d": {
1567
  "type": "String",
1568
  "metadata": {
1569
+ "displayName": "Effect for policy: Event Hub namespaces should use private link",
1570
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1571
  },
1572
  "allowedValues": [
1573
  "AuditIfNotExists",
 
1577
  },
1578
  "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
1579
  "type": "String",
1580
  "metadata": {
1581
+ "displayName": "Effect for policy: Key vaults should have deletion protection enabled",
1582
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1583
  },
1584
  "allowedValues": [
1585
  "Audit",
 
1590
  },
1591
  "effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1": {
1592
  "type": "String",
1593
  "metadata": {
1594
+ "displayName": "Effect for policy: App Configuration should use a customer-managed key",
1595
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1596
  },
1597
  "allowedValues": [
1598
  "Audit",
 
1603
  },
1604
  "effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f": {
1605
  "type": "String",
1606
  "metadata": {
1607
+ "displayName": "Effect for policy: Azure Machine Learning Computes should have local authentication methods disabled",
1608
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1609
  },
1610
  "allowedValues": [
1611
  "Audit",
 
1616
  },
1617
  "effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
1618
  "type": "String",
1619
  "metadata": {
1620
+ "displayName": "Effect for policy: Storage account public access should be disallowed",
1621
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1622
  },
1623
  "allowedValues": [
1624
  "Audit",
 
1629
  },
1630
  "effect-c4857be7-912a-4c75-87e6-e30292bcdf78": {
1631
  "type": "String",
1632
  "metadata": {
1633
+ "displayName": "Effect for policy: Container Registry should use a virtual network service endpoint",
1634
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1635
  },
1636
  "allowedValues": [
1637
  "Audit",
 
1657
  },
1658
  "effect-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
1659
  "type": "String",
1660
  "metadata": {
1661
+ "displayName": "Effect for policy: Dependency agent should be enabled for listed virtual machine images",
1662
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1663
  },
1664
  "allowedValues": [
1665
  "AuditIfNotExists",
 
1691
  },
1692
  "effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
1693
  "type": "String",
1694
  "metadata": {
1695
+ "displayName": "Effect for policy: Audit Windows machines that do not have the maximum password age set to specified number of days",
1696
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1697
  },
1698
  "allowedValues": [
1699
  "AuditIfNotExists",
 
1703
  },
1704
  "effect-fe83a0eb-a853-422d-aac2-1bffd182c5d0": {
1705
  "type": "String",
1706
  "metadata": {
1707
+ "displayName": "Effect for policy: Storage accounts should have the specified minimum TLS version",
1708
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1709
  },
1710
  "allowedValues": [
1711
  "Audit",
 
1738
  },
1739
  "effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
1740
  "type": "String",
1741
  "metadata": {
1742
+ "displayName": "[Deprecated]: Effect for policy: Virtual machines should be connected to a specified workspace",
1743
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
1744
  "deprecated": true
1745
  },
1746
  "allowedValues": [
 
1751
  },
1752
  "effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3": {
1753
  "type": "String",
1754
  "metadata": {
1755
+ "displayName": "Effect for policy: SQL Server should use a virtual network service endpoint",
1756
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1757
  },
1758
  "allowedValues": [
1759
  "AuditIfNotExists",
 
1763
  },
1764
  "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": {
1765
  "type": "String",
1766
  "metadata": {
1767
+ "displayName": "Effect for policy: Azure Defender for servers should be enabled",
1768
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1769
  },
1770
  "allowedValues": [
1771
  "AuditIfNotExists",
 
1775
  },
1776
  "effect-a1840de2-8088-4ea8-b153-b4c723e9cb01": {
1777
  "type": "String",
1778
  "metadata": {
1779
+ "displayName": "Effect for policy: Azure Kubernetes Service clusters should have Defender profile enabled",
1780
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1781
  },
1782
  "allowedValues": [
1783
  "Audit",
 
1800
  },
1801
  "effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": {
1802
  "type": "String",
1803
  "metadata": {
1804
+ "displayName": "Effect for policy: Audit Linux machines that have accounts without passwords",
1805
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1806
  },
1807
  "allowedValues": [
1808
  "AuditIfNotExists",
 
1812
  },
1813
  "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": {
1814
  "type": "String",
1815
  "metadata": {
1816
+ "displayName": "Effect for policy: Azure Defender for Azure SQL Database servers should be enabled",
1817
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1818
  },
1819
  "allowedValues": [
1820
  "AuditIfNotExists",
 
1824
  },
1825
  "effect-fa498b91-8a7e-4710-9578-da944c68d1fe": {
1826
  "type": "String",
1827
  "metadata": {
1828
+ "displayName": "Effect for policy: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled",
1829
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1830
  },
1831
  "allowedValues": [
1832
  "Audit",
 
1836
  },
1837
  "effect-a70ca396-0a34-413a-88e1-b956c1e683be": {
1838
  "type": "String",
1839
  "metadata": {
1840
+ "displayName": "[Deprecated]: Effect for policy: Virtual machines should have the Log Analytics extension installed",
1841
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
1842
  "deprecated": true
1843
  },
1844
  "allowedValues": [
 
1849
  },
1850
  "effect-7796937f-307b-4598-941c-67d3a05ebfe7": {
1851
  "type": "String",
1852
  "metadata": {
1853
+ "displayName": "Effect for policy: Azure subscriptions should have a log profile for Activity Log",
1854
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1855
  },
1856
  "allowedValues": [
1857
  "AuditIfNotExists",
 
1861
  },
1862
  "effect-89099bee-89e0-4b26-a5f4-165451757743": {
1863
  "type": "String",
1864
  "metadata": {
1865
+ "displayName": "Effect for policy: SQL servers with auditing to storage account destination should be configured with 90 days retention or higher",
1866
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1867
  },
1868
  "allowedValues": [
1869
  "AuditIfNotExists",
 
1873
  },
1874
  "effect-fb74e86f-d351-4b8d-b034-93da7391c01f": {
1875
  "type": "String",
1876
  "metadata": {
1877
+ "displayName": "Effect for policy: App Service Environment should have internal encryption enabled",
1878
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1879
  },
1880
  "allowedValues": [
1881
  "Audit",
 
1904
  },
1905
  "effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
1906
  "type": "String",
1907
  "metadata": {
1908
+ "displayName": "Effect for policy: Keys using elliptic curve cryptography should have the specified curve names",
1909
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1910
  },
1911
  "allowedValues": [
1912
  "Audit",
 
1917
  },
1918
  "effect-842c54e8-c2f9-4d79-ae8d-38d8b8019373": {
1919
  "type": "String",
1920
  "metadata": {
1921
+ "displayName": "Effect for policy: Log Analytics extension should be installed on your Linux Azure Arc machines",
1922
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1923
  },
1924
  "allowedValues": [
1925
  "AuditIfNotExists",
 
1929
  },
1930
  "effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": {
1931
  "type": "String",
1932
  "metadata": {
1933
+ "displayName": "Effect for policy: App Service apps should have remote debugging turned off",
1934
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1935
  },
1936
  "allowedValues": [
1937
  "AuditIfNotExists",
 
1941
  },
1942
  "effect-17k78e20-9358-41c9-923c-fb736d382a12": {
1943
  "type": "String",
1944
  "metadata": {
1945
+ "displayName": "Effect for policy: Transparent Data Encryption on SQL databases should be enabled",
1946
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1947
  },
1948
  "allowedValues": [
1949
  "AuditIfNotExists",
 
1953
  },
1954
  "effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee": {
1955
  "type": "String",
1956
  "metadata": {
1957
+ "displayName": "Effect for policy: Audit flow logs configuration for every virtual network",
1958
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1959
  },
1960
  "allowedValues": [
1961
  "Audit",
 
1965
  },
1966
  "effect-d6759c02-b87f-42b7-892e-71b3f471d782": {
1967
  "type": "String",
1968
  "metadata": {
1969
+ "displayName": "Effect for policy: Azure AI Services resources should use Azure Private Link",
1970
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1971
  },
1972
  "allowedValues": [
1973
  "Audit",
 
1977
  },
1978
  "effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48": {
1979
  "type": "String",
1980
  "metadata": {
1981
+ "displayName": "Effect for policy: Public network access should be disabled for PostgreSQL flexible servers",
1982
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1983
  },
1984
  "allowedValues": [
1985
  "Audit",
 
1990
  },
1991
  "effect-970f84d8-71b6-4091-9979-ace7e3fb6dbb": {
1992
  "type": "String",
1993
  "metadata": {
1994
+ "displayName": "Effect for policy: HPC Cache accounts should use customer-managed key for encryption",
1995
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
1996
  },
1997
  "allowedValues": [
1998
  "Audit",
 
2003
  },
2004
  "effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a": {
2005
  "type": "String",
2006
  "metadata": {
2007
+ "displayName": "Effect for policy: Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity",
2008
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2009
  },
2010
  "allowedValues": [
2011
  "AuditIfNotExists",
 
2015
  },
2016
  "effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121": {
2017
  "type": "String",
2018
  "metadata": {
2019
+ "displayName": "Effect for policy: Secure Boot should be enabled on supported Windows virtual machines",
2020
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2021
  },
2022
  "allowedValues": [
2023
  "Audit",
 
2027
  },
2028
  "effect-1d320205-c6a1-4ac6-873d-46224024e8e2": {
2029
  "type": "String",
2030
  "metadata": {
2031
+ "displayName": "Effect for policy: Azure File Sync should use private link",
2032
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2033
  },
2034
  "allowedValues": [
2035
  "AuditIfNotExists",
 
2039
  },
2040
  "effect-c0e996f8-39cf-4af9-9f45-83fbde810432": {
2041
  "type": "String",
2042
  "metadata": {
2043
+ "displayName": "Effect for policy: Only approved VM extensions should be installed",
2044
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2045
  },
2046
  "allowedValues": [
2047
  "Audit",
 
2059
  },
2060
  "effect-d416745a-506c-48b6-8ab1-83cb814bcaa3": {
2061
  "type": "String",
2062
  "metadata": {
2063
+ "displayName": "Effect for policy: Virtual machines should be connected to an approved virtual network",
2064
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2065
  },
2066
  "allowedValues": [
2067
  "Audit",
 
2079
  },
2080
  "effect-6581d072-105e-4418-827f-bd446d56421b": {
2081
  "type": "String",
2082
  "metadata": {
2083
+ "displayName": "Effect for policy: Azure Defender for SQL servers on machines should be enabled",
2084
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2085
  },
2086
  "allowedValues": [
2087
  "AuditIfNotExists",
 
2091
  },
2092
  "effect-83cef61d-dbd1-4b20-a4fc-5fbc7da10833": {
2093
  "type": "String",
2094
  "metadata": {
2095
+ "displayName": "Effect for policy: MySQL servers should use customer-managed keys to encrypt data at rest",
2096
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2097
  },
2098
  "allowedValues": [
2099
  "AuditIfNotExists",
 
2103
  },
2104
  "effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
2105
  "type": "String",
2106
  "metadata": {
2107
+ "displayName": "Effect for policy: Storage accounts should allow access from trusted Microsoft services",
2108
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2109
  },
2110
  "allowedValues": [
2111
  "Audit",
 
2116
  },
2117
  "effect-ae89ebca-1c92-4898-ac2c-9f63decb045c": {
2118
  "type": "String",
2119
  "metadata": {
2120
+ "displayName": "Effect for policy: Guest Configuration extension should be installed on your machines",
2121
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2122
  },
2123
  "allowedValues": [
2124
  "AuditIfNotExists",
 
2128
  },
2129
  "effect-d38fc420-0735-4ef3-ac11-c806f651a570": {
2130
  "type": "String",
2131
  "metadata": {
2132
+ "displayName": "Effect for policy: Long-term geo-redundant backup should be enabled for Azure SQL Databases",
2133
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2134
  },
2135
  "allowedValues": [
2136
  "AuditIfNotExists",
 
2160
  },
2161
  "effect-702dd420-7fcc-42c5-afe8-4026edd20fe0": {
2162
  "type": "String",
2163
  "metadata": {
2164
+ "displayName": "Effect for policy: OS and data disks should be encrypted with a customer-managed key",
2165
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2166
  },
2167
  "allowedValues": [
2168
  "Audit",
 
2173
  },
2174
  "effect-c9299215-ae47-4f50-9c54-8a392f68a052": {
2175
  "type": "String",
2176
  "metadata": {
2177
+ "displayName": "Effect for policy: Public network access should be disabled for MySQL flexible servers",
2178
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2179
  },
2180
  "allowedValues": [
2181
  "Audit",
 
2186
  },
2187
  "effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4": {
2188
  "type": "String",
2189
  "metadata": {
2190
+ "displayName": "Effect for policy: Storage Accounts should use a virtual network service endpoint",
2191
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2192
  },
2193
  "allowedValues": [
2194
  "Audit",
 
2198
  },
2199
  "effect-f1776c76-f58c-4245-a8d0-2b207198dc8b": {
2200
  "type": "String",
2201
  "metadata": {
2202
+ "displayName": "Effect for policy: Virtual networks should use specified virtual network gateway",
2203
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2204
  },
2205
  "allowedValues": [
2206
  "AuditIfNotExists",
 
2217
  },
2218
  "effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0": {
2219
  "type": "String",
2220
  "metadata": {
2221
+ "displayName": "Effect for policy: Recovery Services vaults should use private link",
2222
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2223
  },
2224
  "allowedValues": [
2225
  "Audit",
 
2229
  },
2230
  "effect-ef619a2c-cc4d-4d03-b2ba-8c94a834d85b": {
2231
  "type": "String",
2232
  "metadata": {
2233
+ "displayName": "Effect for policy: API Management services should use a virtual network",
2234
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2235
  },
2236
  "allowedValues": [
2237
  "Audit",
 
2260
  },
2261
  "effect-7698e800-9299-47a6-b3b6-5a0fee576eed": {
2262
  "type": "String",
2263
  "metadata": {
2264
+ "displayName": "Effect for policy: Private endpoint connections on Azure SQL Database should be enabled",
2265
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2266
  },
2267
  "allowedValues": [
2268
  "Audit",
 
2272
  },
2273
  "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": {
2274
  "type": "String",
2275
  "metadata": {
2276
+ "displayName": "Effect for policy: Subscriptions should have a contact email address for security issues",
2277
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2278
  },
2279
  "allowedValues": [
2280
  "AuditIfNotExists",
 
2284
  },
2285
  "effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
2286
  "type": "String",
2287
  "metadata": {
2288
+ "displayName": "Effect for policy: Resource logs in IoT Hub should be enabled",
2289
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2290
  },
2291
  "allowedValues": [
2292
  "AuditIfNotExists",
 
2304
  },
2305
  "effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d": {
2306
  "type": "String",
2307
  "metadata": {
2308
+ "displayName": "Effect for policy: Key vaults should have soft delete enabled",
2309
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2310
  },
2311
  "allowedValues": [
2312
  "Audit",
 
2317
  },
2318
  "effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e": {
2319
  "type": "String",
2320
  "metadata": {
2321
+ "displayName": "Effect for policy: Microsoft Defender for Azure Cosmos DB should be enabled",
2322
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2323
  },
2324
  "allowedValues": [
2325
  "AuditIfNotExists",
 
2329
  },
2330
  "effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1": {
2331
  "type": "String",
2332
  "metadata": {
2333
+ "displayName": "Effect for policy: Double encryption should be enabled on Azure Data Explorer",
2334
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2335
  },
2336
  "allowedValues": [
2337
  "Audit",
 
2342
  },
2343
  "effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5": {
2344
  "type": "String",
2345
  "metadata": {
2346
+ "displayName": "Effect for policy: Function apps should not have CORS configured to allow every resource to access your apps",
2347
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2348
  },
2349
  "allowedValues": [
2350
  "AuditIfNotExists",
 
2354
  },
2355
  "effect-c39ba22d-4428-4149-b981-70acb31fc383": {
2356
  "type": "String",
2357
  "metadata": {
2358
+ "displayName": "Effect for policy: Azure Key Vault Managed HSM should have purge protection enabled",
2359
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2360
  },
2361
  "allowedValues": [
2362
  "Audit",
 
2367
  },
2368
  "effect-617c02be-7f02-4efd-8836-3180d47b6c68": {
2369
  "type": "String",
2370
  "metadata": {
2371
+ "displayName": "Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign",
2372
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2373
  },
2374
  "allowedValues": [
2375
  "Audit",
 
2380
  },
2381
  "effect-e345b6c3-24bd-4c93-9bbb-7e5e49a17b78": {
2382
  "type": "String",
2383
  "metadata": {
2384
+ "displayName": "Effect for policy: Azure VPN gateways should not use 'basic' SKU",
2385
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2386
  },
2387
  "allowedValues": [
2388
  "Audit",
 
2392
  },
2393
  "effect-58440f8a-10c5-4151-bdce-dfbaad4a20b7": {
2394
  "type": "String",
2395
  "metadata": {
2396
+ "displayName": "Effect for policy: CosmosDB accounts should use private link",
2397
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2398
  },
2399
  "allowedValues": [
2400
  "Audit",
 
2433
  },
2434
  "effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f": {
2435
  "type": "String",
2436
  "metadata": {
2437
+ "displayName": "Effect for policy: Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest",
2438
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2439
  },
2440
  "allowedValues": [
2441
  "Audit",
 
2446
  },
2447
  "effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": {
2448
  "type": "String",
2449
  "metadata": {
2450
+ "displayName": "Effect for policy: Function apps should have authentication enabled",
2451
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2452
  },
2453
  "allowedValues": [
2454
  "AuditIfNotExists",
 
2458
  },
2459
  "effect-04c4380f-3fae-46e8-96c9-30193528f602": {
2460
  "type": "String",
2461
  "metadata": {
2462
+ "displayName": "Effect for policy: Network traffic data collection agent should be installed on Linux virtual machines",
2463
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2464
  },
2465
  "allowedValues": [
2466
  "AuditIfNotExists",
 
2470
  },
2471
  "effect-ca610c1d-041c-4332-9d88-7ed3094967c7": {
2472
  "type": "String",
2473
  "metadata": {
2474
+ "displayName": "Effect for policy: App Configuration should use private link",
2475
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2476
  },
2477
  "allowedValues": [
2478
  "AuditIfNotExists",
 
2482
  },
2483
  "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
2484
  "type": "String",
2485
  "metadata": {
2486
+ "displayName": "Effect for policy: An activity log alert should exist for specific Policy operations",
2487
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2488
  },
2489
  "allowedValues": [
2490
  "AuditIfNotExists",
 
2505
  },
2506
  "effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3": {
2507
  "type": "String",
2508
  "metadata": {
2509
+ "displayName": "Effect for policy: vTPM should be enabled on supported virtual machines",
2510
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2511
  },
2512
  "allowedValues": [
2513
  "Audit",
 
2517
  },
2518
  "storagePrefix-c9c29499-c1d1-4195-99bd-2ec9e3a9dc89": {
2519
  "type": "String",
2520
  "metadata": {
2521
+ "displayName": "[Deprecated]: Storage Account Prefix for Regional Storage Account",
2522
+ "description": "This prefix will be combined with the network security group location to form the created storage account name.",
2523
+ "deprecated": true
2524
+ },
2525
+ "defaultValue": ""
2526
  },
2527
  "rgName-c9c29499-c1d1-4195-99bd-2ec9e3a9dc89": {
2528
  "type": "String",
2529
  "metadata": {
2530
+ "displayName": "[Deprecated]: Resource Group Name for Storage Account (must exist)",
2531
  "description": "The resource group that the storage account will be created in. This resource group must already exist.",
2532
+ "strongType": "ExistingResourceGroups",
2533
+ "deprecated": true
2534
+ },
2535
+ "defaultValue": ""
2536
  },
2537
  "IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": {
2538
  "type": "String",
2539
  "metadata": {
 
2561
  },
2562
  "effect-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": {
2563
  "type": "String",
2564
  "metadata": {
2565
+ "displayName": "Effect for policy: Windows machines should be configured to use secure communication protocols",
2566
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2567
  },
2568
  "allowedValues": [
2569
  "AuditIfNotExists",
 
2573
  },
2574
  "effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09": {
2575
  "type": "String",
2576
  "metadata": {
2577
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Windows virtual machines",
2578
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2579
  },
2580
  "allowedValues": [
2581
  "AuditIfNotExists",
 
2638
  },
2639
  "effect-f2143251-70de-4e81-87a8-36cee5a2f29d": {
2640
  "type": "String",
2641
  "metadata": {
2642
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Settings - Account Policies'",
2643
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2644
  },
2645
  "allowedValues": [
2646
  "AuditIfNotExists",
 
2650
  },
2651
  "effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
2652
  "type": "String",
2653
  "metadata": {
2654
+ "displayName": "Effect for policy: Resource logs in Key Vault should be enabled",
2655
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2656
  },
2657
  "allowedValues": [
2658
  "AuditIfNotExists",
 
2670
  },
2671
  "effect-82339799-d096-41ae-8538-b108becf0970": {
2672
  "type": "String",
2673
  "metadata": {
2674
+ "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for MySQL",
2675
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2676
  },
2677
  "allowedValues": [
2678
  "Audit",
 
2682
  },
2683
  "effect-146412e9-005c-472b-9e48-c87b72ac229e": {
2684
  "type": "String",
2685
  "metadata": {
2686
+ "displayName": "Effect for policy: A Microsoft Entra administrator should be provisioned for MySQL servers",
2687
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2688
  },
2689
  "allowedValues": [
2690
  "AuditIfNotExists",
 
2716
  },
2717
  "effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b": {
2718
  "type": "String",
2719
  "metadata": {
2720
+ "displayName": "Effect for policy: Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords",
2721
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2722
  },
2723
  "allowedValues": [
2724
  "AuditIfNotExists",
 
2741
  },
2742
  "effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc": {
2743
  "type": "String",
2744
  "metadata": {
2745
+ "displayName": "Effect for policy: Windows machines should meet requirements of the Azure compute security baseline",
2746
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2747
  },
2748
  "allowedValues": [
2749
  "AuditIfNotExists",
 
2753
  },
2754
  "effect-eb907f70-7514-460d-92b3-a5ae93b4f917": {
2755
  "type": "String",
2756
  "metadata": {
2757
+ "displayName": "Effect for policy: Azure Web PubSub Service should use private link",
2758
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2759
  },
2760
  "allowedValues": [
2761
  "Audit",
 
2765
  },
2766
  "effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": {
2767
  "type": "String",
2768
  "metadata": {
2769
+ "displayName": "Effect for policy: App Service apps should use latest 'HTTP Version'",
2770
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2771
  },
2772
  "allowedValues": [
2773
  "AuditIfNotExists",
 
2777
  },
2778
  "effect-a1ad735a-e96f-45d2-a7b2-9a4932cab7ec": {
2779
  "type": "String",
2780
  "metadata": {
2781
+ "displayName": "Effect for policy: Event Hub namespaces should use a customer-managed key for encryption",
2782
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2783
  },
2784
  "allowedValues": [
2785
  "Audit",
 
2789
  },
2790
  "effect-32e6bbec-16b6-44c2-be37-c5b672d103cf": {
2791
  "type": "String",
2792
  "metadata": {
2793
+ "displayName": "Effect for policy: Azure SQL Database should be running TLS version 1.2 or newer",
2794
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2795
  },
2796
  "allowedValues": [
2797
  "Audit",
 
2802
  },
2803
  "effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9": {
2804
  "type": "String",
2805
  "metadata": {
2806
+ "displayName": "Effect for policy: Machines should be configured to periodically check for missing system updates",
2807
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2808
  },
2809
  "allowedValues": [
2810
  "Audit",
 
2815
  },
2816
  "effect-34f95f76-5386-4de7-b824-0d8478470c9d": {
2817
  "type": "String",
2818
  "metadata": {
2819
+ "displayName": "Effect for policy: Resource logs in Logic Apps should be enabled",
2820
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2821
  },
2822
  "allowedValues": [
2823
  "AuditIfNotExists",
 
2835
  },
2836
  "effect-8ac833bd-f505-48d5-887e-c993a1d3eea0": {
2837
  "type": "String",
2838
  "metadata": {
2839
+ "displayName": "Effect for policy: API endpoints in Azure API Management should be authenticated",
2840
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2841
  },
2842
  "allowedValues": [
2843
  "AuditIfNotExists",
 
2847
  },
2848
  "effect-1ee56206-5dd1-42ab-b02d-8aae8b1634ce": {
2849
  "type": "String",
2850
  "metadata": {
2851
+ "displayName": "Effect for policy: Azure API for FHIR should use private link",
2852
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2853
  },
2854
  "allowedValues": [
2855
  "Audit",
 
2859
  },
2860
  "effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
2861
  "type": "String",
2862
  "metadata": {
2863
+ "displayName": "Effect for policy: Auditing on SQL server should be enabled",
2864
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2865
  },
2866
  "allowedValues": [
2867
  "AuditIfNotExists",
 
2882
  },
2883
  "effect-48af4db5-9b8b-401c-8e74-076be876a430": {
2884
  "type": "String",
2885
  "metadata": {
2886
+ "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for PostgreSQL",
2887
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2888
  },
2889
  "allowedValues": [
2890
  "Audit",
 
2894
  },
2895
  "effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2": {
2896
  "type": "String",
2897
  "metadata": {
2898
+ "displayName": "Effect for policy: SQL managed instances should use customer-managed keys to encrypt data at rest",
2899
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2900
  },
2901
  "allowedValues": [
2902
  "Audit",
 
2907
  },
2908
  "effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2": {
2909
  "type": "String",
2910
  "metadata": {
2911
+ "displayName": "Effect for policy: Log Analytics Workspaces should block non-Azure Active Directory based ingestion.",
2912
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2913
  },
2914
  "allowedValues": [
2915
  "Deny",
 
2920
  },
2921
  "effect-7926a6d1-b268-4586-8197-e8ae90c877d7": {
2922
  "type": "String",
2923
  "metadata": {
2924
+ "displayName": "Effect for policy: Microsoft Defender for APIs should be enabled",
2925
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2926
  },
2927
  "allowedValues": [
2928
  "AuditIfNotExists",
 
2932
  },
2933
  "effect-399b2637-a50f-4f95-96f8-3a145476eb15": {
2934
  "type": "String",
2935
  "metadata": {
2936
+ "displayName": "Effect for policy: Function apps should require FTPS only",
2937
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2938
  },
2939
  "allowedValues": [
2940
  "AuditIfNotExists",
 
2956
  },
2957
  "effect-82067dbb-e53b-4e06-b631-546d197452d9": {
2958
  "type": "String",
2959
  "metadata": {
2960
+ "displayName": "Effect for policy: Keys using RSA cryptography should have a specified minimum key size",
2961
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2962
  },
2963
  "allowedValues": [
2964
  "Audit",
 
2969
  },
2970
  "effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5": {
2971
  "type": "String",
2972
  "metadata": {
2973
+ "displayName": "Effect for policy: Azure Key Vault should use RBAC permission model",
2974
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2975
  },
2976
  "allowedValues": [
2977
  "Audit",
 
2982
  },
2983
  "effect-a8793640-60f7-487c-b5c3-1d37215905c4": {
2984
  "type": "String",
2985
  "metadata": {
2986
+ "displayName": "Effect for policy: SQL Managed Instance should have the minimal TLS version of 1.2",
2987
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
2988
  },
2989
  "allowedValues": [
2990
  "Audit",
 
2994
  },
2995
  "effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9": {
2996
  "type": "String",
2997
  "metadata": {
2998
+ "displayName": "Effect for policy: Azure Monitor should collect activity logs from all regions",
2999
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3000
  },
3001
  "allowedValues": [
3002
  "AuditIfNotExists",
 
3033
  },
3034
  "effect-58383b73-94a9-4414-b382-4146eb02611b": {
3035
  "type": "String",
3036
  "metadata": {
3037
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'",
3038
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3039
  },
3040
  "allowedValues": [
3041
  "AuditIfNotExists",
 
3063
  },
3064
  "effect-32133ab0-ee4b-4b44-98d6-042180979d50": {
3065
  "type": "String",
3066
  "metadata": {
3067
+ "displayName": "[Deprecated]: Effect for policy: Log Analytics Extension should be enabled for listed virtual machine images",
3068
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
3069
  "deprecated": true
3070
  },
3071
  "allowedValues": [
 
3076
  },
3077
  "effect-d0793b48-0edc-4296-a390-4c75d1bdfd71": {
3078
  "type": "String",
3079
  "metadata": {
3080
+ "displayName": "Effect for policy: Container registries should not allow unrestricted network access",
3081
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3082
  },
3083
  "allowedValues": [
3084
  "Audit",
 
3089
  },
3090
  "effect-0a370ff3-6cab-4e85-8995-295fd854c5b8": {
3091
  "type": "String",
3092
  "metadata": {
3093
+ "displayName": "Effect for policy: SQL servers should use customer-managed keys to encrypt data at rest",
3094
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3095
  },
3096
  "allowedValues": [
3097
  "Audit",
 
3115
  },
3116
  "effect-caf2d518-f029-4f6b-833b-d7081702f253": {
3117
  "type": "String",
3118
  "metadata": {
3119
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Microsoft Network Server'",
3120
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3121
  },
3122
  "allowedValues": [
3123
  "AuditIfNotExists",
 
3127
  },
3128
  "effect-0b15565f-aa9e-48ba-8619-45960f2c314d": {
3129
  "type": "String",
3130
  "metadata": {
3131
+ "displayName": "Effect for policy: Email notification to subscription owner for high severity alerts should be enabled",
3132
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3133
  },
3134
  "allowedValues": [
3135
  "AuditIfNotExists",
 
3139
  },
3140
  "effect-d63edb4a-c612-454d-b47d-191a724fcbf0": {
3141
  "type": "String",
3142
  "metadata": {
3143
+ "displayName": "Effect for policy: Event Hub should use a virtual network service endpoint",
3144
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3145
  },
3146
  "allowedValues": [
3147
  "AuditIfNotExists",
 
3151
  },
3152
  "effect-9dfea752-dd46-4766-aed1-c355fa93fb91": {
3153
  "type": "String",
3154
  "metadata": {
3155
+ "displayName": "Effect for policy: Azure SQL Managed Instances should disable public network access",
3156
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3157
  },
3158
  "allowedValues": [
3159
  "Audit",
 
3164
  },
3165
  "effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f": {
3166
  "type": "String",
3167
  "metadata": {
3168
+ "displayName": "Effect for policy: Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost.",
3169
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3170
  },
3171
  "allowedValues": [
3172
  "AuditIfNotExists",
 
3196
  },
3197
  "effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a": {
3198
  "type": "String",
3199
  "metadata": {
3200
+ "displayName": "Effect for policy: Storage accounts should have infrastructure encryption",
3201
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3202
  },
3203
  "allowedValues": [
3204
  "Audit",
 
3209
  },
3210
  "effect-9b597639-28e4-48eb-b506-56b05d366257": {
3211
  "type": "String",
3212
  "metadata": {
3213
+ "displayName": "Effect for policy: Microsoft IaaSAntimalware extension should be deployed on Windows servers",
3214
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3215
  },
3216
  "allowedValues": [
3217
  "AuditIfNotExists",
 
3221
  },
3222
  "effect-438c38d2-3772-465a-a9cc-7a6666a275ce": {
3223
  "type": "String",
3224
  "metadata": {
3225
+ "displayName": "Effect for policy: Azure Machine Learning Workspaces should disable public network access",
3226
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3227
  },
3228
  "allowedValues": [
3229
  "Audit",
 
3234
  },
3235
  "effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": {
3236
  "type": "String",
3237
  "metadata": {
3238
+ "displayName": "Effect for policy: App Service apps should have authentication enabled",
3239
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3240
  },
3241
  "allowedValues": [
3242
  "AuditIfNotExists",
 
3246
  },
3247
  "effect-a21f8c92-9e22-4f09-b759-50500d1d2dda": {
3248
  "type": "String",
3249
  "metadata": {
3250
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Linux virtual machines scale sets",
3251
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3252
  },
3253
  "allowedValues": [
3254
  "AuditIfNotExists",
 
3258
  },
3259
  "effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077": {
3260
  "type": "String",
3261
  "metadata": {
3262
+ "displayName": "Effect for policy: Public network access should be disabled for MariaDB servers",
3263
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3264
  },
3265
  "allowedValues": [
3266
  "Audit",
 
3271
  },
3272
  "effect-d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e": {
3273
  "type": "String",
3274
  "metadata": {
3275
+ "displayName": "Effect for policy: Log Analytics extension should be installed on your Windows Azure Arc machines",
3276
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3277
  },
3278
  "allowedValues": [
3279
  "AuditIfNotExists",
 
3283
  },
3284
  "effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f": {
3285
  "type": "String",
3286
  "metadata": {
3287
+ "displayName": "Effect for policy: Storage accounts should restrict network access using virtual network rules",
3288
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3289
  },
3290
  "allowedValues": [
3291
  "Audit",
 
3296
  },
3297
  "effect-13a6c84f-49a5-410a-b5df-5b880c3fe009": {
3298
  "type": "String",
3299
  "metadata": {
3300
+ "displayName": "Effect for policy: Linux virtual machines should use only signed and trusted boot components",
3301
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3302
  },
3303
  "allowedValues": [
3304
  "AuditIfNotExists",
 
3308
  },
3309
  "effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
3310
  "type": "String",
3311
  "metadata": {
3312
+ "displayName": "Effect for policy: Resource logs in Azure Data Lake Store should be enabled",
3313
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3314
  },
3315
  "allowedValues": [
3316
  "AuditIfNotExists",
 
3336
  },
3337
  "effect-d31e5c31-63b2-4f12-887b-e49456834fa1": {
3338
  "type": "String",
3339
  "metadata": {
3340
+ "displayName": "Effect for policy: Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces",
3341
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3342
  },
3343
  "allowedValues": [
3344
  "AuditIfNotExists",
 
3348
  },
3349
  "effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811": {
3350
  "type": "String",
3351
  "metadata": {
3352
+ "displayName": "Effect for policy: Azure Stack Edge devices should use double-encryption",
3353
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3354
  },
3355
  "allowedValues": [
3356
  "Audit",
 
3361
  },
3362
  "effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580": {
3363
  "type": "String",
3364
  "metadata": {
3365
+ "displayName": "Effect for policy: Container registries should be encrypted with a customer-managed key",
3366
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3367
  },
3368
  "allowedValues": [
3369
  "Audit",
 
3374
  },
3375
  "effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": {
3376
  "type": "String",
3377
  "metadata": {
3378
+ "displayName": "Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes Services",
3379
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3380
  },
3381
  "allowedValues": [
3382
  "Audit",
 
3386
  },
3387
  "effect-3657f5a0-770e-44a3-b44e-9431ba1e9735": {
3388
  "type": "String",
3389
  "metadata": {
3390
+ "displayName": "Effect for policy: Automation account variables should be encrypted",
3391
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3392
  },
3393
  "allowedValues": [
3394
  "Audit",
 
3399
  },
3400
  "effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
3401
  "type": "String",
3402
  "metadata": {
3403
+ "displayName": "Effect for policy: Azure Defender for Key Vault should be enabled",
3404
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3405
  },
3406
  "allowedValues": [
3407
  "AuditIfNotExists",
 
3411
  },
3412
  "effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4": {
3413
  "type": "String",
3414
  "metadata": {
3415
+ "displayName": "Effect for policy: A Microsoft Entra administrator should be provisioned for PostgreSQL servers",
3416
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3417
  },
3418
  "allowedValues": [
3419
  "AuditIfNotExists",
 
3423
  },
3424
  "effect-b52376f7-9612-48a1-81cd-1ffe4b61032c": {
3425
  "type": "String",
3426
  "metadata": {
3427
+ "displayName": "Effect for policy: Public network access should be disabled for PostgreSQL servers",
3428
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3429
  },
3430
  "allowedValues": [
3431
  "Audit",
 
3436
  },
3437
  "effect-12430be1-6cc8-4527-a9a8-e3d38f250096": {
3438
  "type": "String",
3439
  "metadata": {
3440
+ "displayName": "Effect for policy: Web Application Firewall (WAF) should use the specified mode for Application Gateway",
3441
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3442
  },
3443
  "allowedValues": [
3444
  "Audit",
 
3461
  },
3462
  "effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835": {
3463
  "type": "String",
3464
  "metadata": {
3465
+ "displayName": "Effect for policy: Azure Defender for open-source relational databases should be enabled",
3466
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3467
  },
3468
  "allowedValues": [
3469
  "AuditIfNotExists",
 
3473
  },
3474
  "effect-549814b6-3212-4203-bdc8-1548d342fb67": {
3475
  "type": "String",
3476
  "metadata": {
3477
+ "displayName": "Effect for policy: API Management minimum API version should be set to 2019-12-01 or higher",
3478
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3479
  },
3480
  "allowedValues": [
3481
  "Audit",
 
3486
  },
3487
  "effect-1c06e275-d63d-4540-b761-71f364c2111d": {
3488
  "type": "String",
3489
  "metadata": {
3490
+ "displayName": "Effect for policy: Azure Service Bus namespaces should use private link",
3491
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3492
  },
3493
  "allowedValues": [
3494
  "AuditIfNotExists",
 
3505
  },
3506
  "effect-d8cf8476-a2ec-4916-896e-992351803c44": {
3507
  "type": "String",
3508
  "metadata": {
3509
+ "displayName": "Effect for policy: Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation.",
3510
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3511
  },
3512
  "allowedValues": [
3513
  "Audit",
 
3517
  },
3518
  "effect-245fc9df-fa96-4414-9a0b-3738c2f7341c": {
3519
  "type": "String",
3520
  "metadata": {
3521
+ "displayName": "Effect for policy: Resource logs in Azure Kubernetes Service should be enabled",
3522
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3523
  },
3524
  "allowedValues": [
3525
  "AuditIfNotExists",
 
3537
  },
3538
  "effect-bf045164-79ba-4215-8f95-f8048dc1780b": {
3539
  "type": "String",
3540
  "metadata": {
3541
+ "displayName": "Effect for policy: Geo-redundant storage should be enabled for Storage Accounts",
3542
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3543
  },
3544
  "allowedValues": [
3545
  "Audit",
 
3549
  },
3550
  "effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8": {
3551
  "type": "String",
3552
  "metadata": {
3553
+ "displayName": "Effect for policy: Azure Machine Learning workspaces should be encrypted with a customer-managed key",
3554
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3555
  },
3556
  "allowedValues": [
3557
  "Audit",
 
3562
  },
3563
  "effect-af99038c-02fd-4a2f-ac24-386b62bf32de": {
3564
  "type": "String",
3565
  "metadata": {
3566
+ "displayName": "Effect for policy: Machines should have ports closed that might expose attack vectors",
3567
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3568
  },
3569
  "allowedValues": [
3570
  "AuditIfNotExists",
 
3574
  },
3575
  "effect-22730e10-96f6-4aac-ad84-9383d35b5917": {
3576
  "type": "String",
3577
  "metadata": {
3578
+ "displayName": "Effect for policy: Management ports should be closed on your virtual machines",
3579
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3580
  },
3581
  "allowedValues": [
3582
  "AuditIfNotExists",
 
3586
  },
3587
  "effect-4b90e17e-8448-49db-875e-bd83fb6f804f": {
3588
  "type": "String",
3589
  "metadata": {
3590
+ "displayName": "Effect for policy: Azure Event Grid topics should use private link",
3591
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3592
  },
3593
  "allowedValues": [
3594
  "Audit",
 
3598
  },
3599
  "effect-044985bb-afe1-42cd-8a36-9d5d42424537": {
3600
  "type": "String",
3601
  "metadata": {
3602
+ "displayName": "Effect for policy: Storage account keys should not be expired",
3603
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3604
  },
3605
  "allowedValues": [
3606
  "Audit",
 
3611
  },
3612
  "effect-ea4d6841-2173-4317-9747-ff522a45120f": {
3613
  "type": "String",
3614
  "metadata": {
3615
+ "displayName": "Effect for policy: Key Vault should use a virtual network service endpoint",
3616
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3617
  },
3618
  "allowedValues": [
3619
  "Audit",
 
3623
  },
3624
  "effect-9830b652-8523-49cc-b1b3-e17dce1127ca": {
3625
  "type": "String",
3626
  "metadata": {
3627
+ "displayName": "Effect for policy: Azure Event Grid domains should use private link",
3628
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3629
  },
3630
  "allowedValues": [
3631
  "Audit",
 
3635
  },
3636
  "effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf": {
3637
  "type": "String",
3638
  "metadata": {
3639
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers",
3640
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3641
  },
3642
  "allowedValues": [
3643
  "AuditIfNotExists",
 
3647
  },
3648
  "effect-abda6d70-9778-44e7-84a8-06713e6db027": {
3649
  "type": "String",
3650
  "metadata": {
3651
+ "displayName": "Effect for policy: Azure SQL Database should have Microsoft Entra-only authentication enabled during creation",
3652
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3653
  },
3654
  "allowedValues": [
3655
  "Audit",
 
3660
  },
3661
  "effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff": {
3662
  "type": "String",
3663
  "metadata": {
3664
+ "displayName": "Effect for policy: Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
3665
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3666
  },
3667
  "allowedValues": [
3668
  "AuditIfNotExists",
 
3672
  },
3673
  "effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": {
3674
  "type": "String",
3675
  "metadata": {
3676
+ "displayName": "Effect for policy: Function apps should use latest 'HTTP Version'",
3677
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3678
  },
3679
  "allowedValues": [
3680
  "AuditIfNotExists",
 
3684
  },
3685
  "effect-f39f5f49-4abf-44de-8c70-0756997bfb51": {
3686
  "type": "String",
3687
  "metadata": {
3688
+ "displayName": "Effect for policy: Disk access resources should use private link",
3689
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3690
  },
3691
  "allowedValues": [
3692
  "AuditIfNotExists",
 
3714
  },
3715
  "effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
3716
  "type": "String",
3717
  "metadata": {
3718
+ "displayName": "[Deprecated]: Effect for policy: Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images",
3719
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
3720
  "deprecated": true
3721
  },
3722
  "allowedValues": [
 
3747
  },
3748
  "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
3749
  "type": "String",
3750
  "metadata": {
3751
+ "displayName": "Effect for policy: Vulnerability assessment should be enabled on SQL Managed Instance",
3752
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3753
  },
3754
  "allowedValues": [
3755
  "AuditIfNotExists",
 
3759
  },
3760
  "effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": {
3761
  "type": "String",
3762
  "metadata": {
3763
+ "displayName": "[Deprecated]: Effect for policy: Vulnerabilities in security configuration on your machines should be remediated",
3764
  "description": "For more information about effects, visit https://aka.ms/policyeffects",
3765
  "deprecated": true
3766
  },
3767
  "allowedValues": [
 
3772
  },
3773
  "effect-0564d078-92f5-4f97-8398-b9f58a51f70b": {
3774
  "type": "String",
3775
  "metadata": {
3776
+ "displayName": "Effect for policy: Private endpoint should be enabled for PostgreSQL servers",
3777
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3778
  },
3779
  "allowedValues": [
3780
  "AuditIfNotExists",
 
3784
  },
3785
  "effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957": {
3786
  "type": "String",
3787
  "metadata": {
3788
+ "displayName": "Effect for policy: Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)",
3789
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3790
  },
3791
  "allowedValues": [
3792
  "AuditIfNotExists",
 
3796
  },
3797
  "effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
3798
  "type": "String",
3799
  "metadata": {
3800
+ "displayName": "Effect for policy: Resource logs in Data Lake Analytics should be enabled",
3801
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3802
  },
3803
  "allowedValues": [
3804
  "AuditIfNotExists",
 
3816
  },
3817
  "effect-6fac406b-40ca-413b-bf8e-0bf964659c25": {
3818
  "type": "String",
3819
  "metadata": {
3820
+ "displayName": "Effect for policy: Storage accounts should use customer-managed key for encryption",
3821
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3822
  },
3823
  "allowedValues": [
3824
  "Audit",
 
3828
  },
3829
  "effect-0a1302fb-a631-4106-9753-f3d494733990": {
3830
  "type": "String",
3831
  "metadata": {
3832
+ "displayName": "Effect for policy: Private endpoint should be enabled for MariaDB servers",
3833
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3834
  },
3835
  "allowedValues": [
3836
  "AuditIfNotExists",
 
3840
  },
3841
  "effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab": {
3842
  "type": "String",
3843
  "metadata": {
3844
+ "displayName": "Effect for policy: Function apps should only be accessible over HTTPS",
3845
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3846
  },
3847
  "allowedValues": [
3848
  "Audit",
 
3853
  },
3854
  "effect-b954148f-4c11-4c38-8221-be76711e194a": {
3855
  "type": "String",
3856
  "metadata": {
3857
+ "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations",
3858
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3859
  },
3860
  "allowedValues": [
3861
  "AuditIfNotExists",
 
3884
  },
3885
  "effect-0fea8f8a-4169-495d-8307-30ec335f387d": {
3886
  "type": "String",
3887
  "metadata": {
3888
+ "displayName": "Effect for policy: CORS should not allow every domain to access your API for FHIR",
3889
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3890
  },
3891
  "allowedValues": [
3892
  "Audit",
 
3896
  },
3897
  "effect-6edd7eda-6dd8-40f7-810d-67160c639cd9": {
3898
  "type": "String",
3899
  "metadata": {
3900
+ "displayName": "Effect for policy: Storage accounts should use private link",
3901
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3902
  },
3903
  "allowedValues": [
3904
  "AuditIfNotExists",
 
3920
  },
3921
  "effect-bfecdea6-31c4-4045-ad42-71b9dc87247d": {
3922
  "type": "String",
3923
  "metadata": {
3924
+ "displayName": "Effect for policy: Storage account encryption scopes should use double encryption for data at rest",
3925
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3926
  },
3927
  "allowedValues": [
3928
  "Audit",
 
3933
  },
3934
  "effect-7595c971-233d-4bcf-bd18-596129188c49": {
3935
  "type": "String",
3936
  "metadata": {
3937
+ "displayName": "Effect for policy: Private endpoint should be enabled for MySQL servers",
3938
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3939
  },
3940
  "allowedValues": [
3941
  "AuditIfNotExists",
 
3945
  },
3946
  "effect-19dd1db6-f442-49cf-a838-b0786b4401ef": {
3947
  "type": "String",
3948
  "metadata": {
3949
+ "displayName": "Effect for policy: App Service apps should have Client Certificates (Incoming client certificates) enabled",
3950
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3951
  },
3952
  "allowedValues": [
3953
  "AuditIfNotExists",
 
3957
  },
3958
  "effect-d9844e8a-1437-4aeb-a32c-0c992f056095": {
3959
  "type": "String",
3960
  "metadata": {
3961
+ "displayName": "Effect for policy: Public network access should be disabled for MySQL servers",
3962
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3963
  },
3964
  "allowedValues": [
3965
  "Audit",
 
3970
  },
3971
  "effect-72d11df1-dd8a-41f7-8925-b05b960ebafc": {
3972
  "type": "String",
3973
  "metadata": {
3974
+ "displayName": "Effect for policy: Azure Synapse workspaces should use private link",
3975
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3976
  },
3977
  "allowedValues": [
3978
  "Audit",
 
3982
  },
3983
  "effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9": {
3984
  "type": "String",
3985
  "metadata": {
3986
+ "displayName": "Effect for policy: Cosmos DB should use a virtual network service endpoint",
3987
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
3988
  },
3989
  "allowedValues": [
3990
  "Audit",
 
4015
  },
4016
  "effect-ee984370-154a-4ee8-9726-19d900e56fc0": {
4017
  "type": "String",
4018
  "metadata": {
4019
+ "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Accounts'",
4020
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4021
  },
4022
  "allowedValues": [
4023
  "AuditIfNotExists",
 
4027
  },
4028
  "effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9": {
4029
  "type": "String",
4030
  "metadata": {
4031
+ "displayName": "Effect for policy: App Service apps should not have CORS configured to allow every resource to access your apps",
4032
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4033
  },
4034
  "allowedValues": [
4035
  "AuditIfNotExists",
 
4039
  },
4040
  "effect-1f90fc71-a595-4066-8974-d4d0802e8ef0": {
4041
  "type": "String",
4042
  "metadata": {
4043
+ "displayName": "Effect for policy: Microsoft Defender CSPM should be enabled",
4044
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4045
  },
4046
  "allowedValues": [
4047
  "AuditIfNotExists",
 
4051
  },
4052
  "effect-f85bf3e0-d513-442e-89c3-1784ad63382b": {
4053
  "type": "String",
4054
  "metadata": {
4055
+ "displayName": "Effect for policy: System updates should be installed on your machines (powered by Update Center)",
4056
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4057
  },
4058
  "allowedValues": [
4059
  "AuditIfNotExists",
 
4063
  },
4064
  "effect-78215662-041e-49ed-a9dd-5385911b3a1f": {
4065
  "type": "String",
4066
  "metadata": {
4067
+ "displayName": "Effect for policy: Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation",
4068
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4069
  },
4070
  "allowedValues": [
4071
  "Audit",
 
4089
  },
4090
  "effect-da0f98fe-a24b-4ad5-af69-bd0400233661": {
4091
  "type": "String",
4092
  "metadata": {
4093
+ "displayName": "Effect for policy: Audit Windows machines that do not store passwords using reversible encryption",
4094
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4095
  },
4096
  "allowedValues": [
4097
  "AuditIfNotExists",
 
4101
  },
4102
  "effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd": {
4103
  "type": "String",
4104
  "metadata": {
4105
+ "displayName": "Effect for policy: API Management should disable public network access to the service configuration endpoints",
4106
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4107
  },
4108
  "allowedValues": [
4109
  "AuditIfNotExists",
 
4126
  },
4127
  "effect-1c988dd6-ade4-430f-a608-2a3e5b0a6d38": {
4128
  "type": "String",
4129
  "metadata": {
4130
+ "displayName": "Effect for policy: Microsoft Defender for Containers should be enabled",
4131
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4132
  },
4133
  "allowedValues": [
4134
  "AuditIfNotExists",
 
4138
  },
4139
  "effect-d550e854-df1a-4de9-bf44-cd894b39a95e": {
4140
  "type": "String",
4141
  "metadata": {
4142
+ "displayName": "Effect for policy: Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace",
4143
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4144
  },
4145
  "allowedValues": [
4146
  "Audit",
 
4151
  },
4152
  "effect-1dc2fc00-2245-4143-99f4-874c937f13ef": {
4153
  "type": "String",
4154
  "metadata": {
4155
+ "displayName": "Effect for policy: Azure API Management platform version should be stv2",
4156
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4157
  },
4158
  "allowedValues": [
4159
  "Audit",
 
4164
  },
4165
  "effect-051cba44-2429-45b9-9649-46cec11c7119": {
4166
  "type": "String",
4167
  "metadata": {
4168
+ "displayName": "Effect for policy: Azure API for FHIR should use a customer-managed key to encrypt data at rest",
4169
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4170
  },
4171
  "allowedValues": [
4172
  "Audit",
 
4176
  },
4177
  "effect-672fe5a1-2fcd-42d7-b85d-902b6e28c6ff": {
4178
  "type": "String",
4179
  "metadata": {
4180
+ "displayName": "Effect for policy: Guest Attestation extension should be installed on supported Linux virtual machines",
4181
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4182
  },
4183
  "allowedValues": [
4184
  "AuditIfNotExists",
 
4188
  },
4189
  "effect-e71308d3-144b-4262-b144-efdc3cc90517": {
4190
  "type": "String",
4191
  "metadata": {
4192
+ "displayName": "Effect for policy: Subnets should be associated with a Network Security Group",
4193
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4194
  },
4195
  "allowedValues": [
4196
  "AuditIfNotExists",
 
4200
  },
4201
  "effect-41425d9f-d1a5-499a-9932-f8ed8453932c": {
4202
  "type": "String",
4203
  "metadata": {
4204
+ "displayName": "Effect for policy: Temp disks and cache for agent node pools in Azure Kubernetes Service clusters should be encrypted at host",
4205
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4206
  },
4207
  "allowedValues": [
4208
  "Audit",
 
4233
  },
4234
  "effect-5d4e3c65-4873-47be-94f3-6f8b953a3598": {
4235
  "type": "String",
4236
  "metadata": {
4237
+ "displayName": "Effect for policy: Azure Event Hub namespaces should have local authentication methods disabled",
4238
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4239
  },
4240
  "allowedValues": [
4241
  "Audit",
 
4246
  },
4247
  "effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a": {
4248
  "type": "String",
4249
  "metadata": {
4250
+ "displayName": "Effect for policy: Azure Batch account should use customer-managed keys to encrypt data",
4251
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4252
  },
4253
  "allowedValues": [
4254
  "Audit",
 
4259
  },
4260
  "effect-fc4d8e41-e223-45ea-9bf5-eada37891d87": {
4261
  "type": "String",
4262
  "metadata": {
4263
+ "displayName": "Effect for policy: Virtual machines and virtual machine scale sets should have encryption at host enabled",
4264
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4265
  },
4266
  "allowedValues": [
4267
  "Audit",
 
4272
  },
4273
  "effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": {
4274
  "type": "String",
4275
  "metadata": {
4276
+ "displayName": "Effect for policy: Web Application Firewall (WAF) should be enabled for Application Gateway",
4277
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4278
  },
4279
  "allowedValues": [
4280
  "Audit",
 
4285
  },
4286
  "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": {
4287
  "type": "String",
4288
  "metadata": {
4289
+ "displayName": "Effect for policy: An Azure Active Directory administrator should be provisioned for SQL servers",
4290
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4291
  },
4292
  "allowedValues": [
4293
  "AuditIfNotExists",
 
4297
  },
4298
  "effect-c3d20c29-b36d-48fe-808b-99a87530ad99": {
4299
  "type": "String",
4300
  "metadata": {
4301
+ "displayName": "Effect for policy: Azure Defender for Resource Manager should be enabled",
4302
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4303
  },
4304
  "allowedValues": [
4305
  "AuditIfNotExists",
 
4309
  },
4310
  "effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
4311
  "type": "String",
4312
  "metadata": {
4313
+ "displayName": "Effect for policy: Resource logs in Azure Stream Analytics should be enabled",
4314
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4315
  },
4316
  "allowedValues": [
4317
  "AuditIfNotExists",
 
4329
  },
4330
  "effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
4331
  "type": "String",
4332
  "metadata": {
4333
+ "displayName": "Effect for policy: Resource logs in Service Bus should be enabled",
4334
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4335
  },
4336
  "allowedValues": [
4337
  "AuditIfNotExists",
 
4349
  },
4350
  "effect-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
4351
  "type": "String",
4352
  "metadata": {
4353
+ "displayName": "Effect for policy: Network Watcher should be enabled",
4354
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4355
  },
4356
  "allowedValues": [
4357
  "AuditIfNotExists",
 
4379
  },
4380
  "effect-013e242c-8828-4970-87b3-ab247555486d": {
4381
  "type": "String",
4382
  "metadata": {
4383
+ "displayName": "Effect for policy: Azure Backup should be enabled for Virtual Machines",
4384
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4385
  },
4386
  "allowedValues": [
4387
  "AuditIfNotExists",
 
4391
  },
4392
  "effect-6c53d030-cc64-46f0-906d-2bc061cd1334": {
4393
  "type": "String",
4394
  "metadata": {
4395
+ "displayName": "Effect for policy: Log Analytics workspaces should block log ingestion and querying from public networks",
4396
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4397
  },
4398
  "allowedValues": [
4399
  "Audit",
 
4404
  },
4405
  "effect-8405fdab-1faf-48aa-b702-999c9c172094": {
4406
  "type": "String",
4407
  "metadata": {
4408
+ "displayName": "Effect for policy: Managed disks should disable public network access",
4409
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4410
  },
4411
  "allowedValues": [
4412
  "Audit",
 
4416
  },
4417
  "effect-fc5e4038-4584-4632-8c85-c0448d374b2c": {
4418
  "type": "String",
4419
  "metadata": {
4420
+ "displayName": "Effect for policy: All Internet traffic should be routed via your deployed Azure Firewall",
4421
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4422
  },
4423
  "allowedValues": [
4424
  "AuditIfNotExists",
 
4428
  },
4429
  "effect-2154edb9-244f-4741-9970-660785bccdaa": {
4430
  "type": "String",
4431
  "metadata": {
4432
+ "displayName": "Effect for policy: VM Image Builder templates should use private link",
4433
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4434
  },
4435
  "allowedValues": [
4436
  "Audit",
 
4453
  },
4454
  "effect-a6abeaec-4d90-4a02-805f-6b26c4d3fbe9": {
4455
  "type": "String",
4456
  "metadata": {
4457
+ "displayName": "Effect for policy: Azure Key Vaults should use private link",
4458
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4459
  },
4460
  "allowedValues": [
4461
  "Audit",
 
4466
  },
4467
  "effect-b5ec538c-daa0-4006-8596-35468b9148e8": {
4468
  "type": "String",
4469
  "metadata": {
4470
+ "displayName": "Effect for policy: Storage account encryption scopes should use customer-managed keys to encrypt data at rest",
4471
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4472
  },
4473
  "allowedValues": [
4474
  "Audit",
 
4479
  },
4480
  "effect-037eea7a-bd0a-46c5-9a66-03aea78705d3": {
4481
  "type": "String",
4482
  "metadata": {
4483
+ "displayName": "Effect for policy: Azure AI Services resources should restrict network access",
4484
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4485
  },
4486
  "allowedValues": [
4487
  "Audit",
 
4492
  },
4493
  "effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7": {
4494
  "type": "String",
4495
  "metadata": {
4496
+ "displayName": "Effect for policy: VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users",
4497
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4498
  },
4499
  "allowedValues": [
4500
  "Audit",
 
4505
  },
4506
  "effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d": {
4507
  "type": "String",
4508
  "metadata": {
4509
+ "displayName": "Effect for policy: SQL servers on machines should have vulnerability findings resolved",
4510
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4511
  },
4512
  "allowedValues": [
4513
  "AuditIfNotExists",
 
4517
  },
4518
  "effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8": {
4519
  "type": "String",
4520
  "metadata": {
4521
+ "displayName": "Effect for policy: Application Insights components should block log ingestion and querying from public networks",
4522
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4523
  },
4524
  "allowedValues": [
4525
  "Audit",
 
4552
  },
4553
  "effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2": {
4554
  "type": "String",
4555
  "metadata": {
4556
+ "displayName": "Effect for policy: Audit Windows machines that do not restrict the minimum password length to specified number of characters",
4557
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4558
  },
4559
  "allowedValues": [
4560
  "AuditIfNotExists",
 
4586
  },
4587
  "effect-237b38db-ca4d-4259-9e47-7882441ca2c0": {
4588
  "type": "String",
4589
  "metadata": {
4590
+ "displayName": "Effect for policy: Audit Windows machines that do not have the minimum password age set to specified number of days",
4591
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4592
  },
4593
  "allowedValues": [
4594
  "AuditIfNotExists",
 
4606
  },
4607
  "effect-0a075868-4c26-42ef-914c-5bc007359560": {
4608
  "type": "String",
4609
  "metadata": {
4610
+ "displayName": "Effect for policy: Certificates should have the specified maximum validity period",
4611
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4612
  },
4613
  "allowedValues": [
4614
  "Audit",
 
4619
  },
4620
  "effect-56fd377d-098c-4f02-8406-81eb055902b8": {
4621
  "type": "String",
4622
  "metadata": {
4623
+ "displayName": "Effect for policy: IP firewall rules on Azure Synapse workspaces should be removed",
4624
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4625
  },
4626
  "allowedValues": [
4627
  "Audit",
 
4631
  },
4632
  "effect-2f2ee1de-44aa-4762-b6bd-0893fc3f306d": {
4633
  "type": "String",
4634
  "metadata": {
4635
+ "displayName": "Effect for policy: Network traffic data collection agent should be installed on Windows virtual machines",
4636
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4637
  },
4638
  "allowedValues": [
4639
  "AuditIfNotExists",
 
4659
  },
4660
  "effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
4661
  "type": "String",
4662
  "metadata": {
4663
+ "displayName": "Effect for policy: Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images",
4664
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4665
  },
4666
  "allowedValues": [
4667
  "AuditIfNotExists",
 
4671
  },
4672
  "effect-deeddb44-9f94-4903-9fa0-081d524406e3": {
4673
  "type": "String",
4674
  "metadata": {
4675
+ "displayName": "Effect for policy: Azure Recovery Services vaults should use private link for backup",
4676
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4677
  },
4678
  "allowedValues": [
4679
  "Audit",
 
4683
  },
4684
  "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": {
4685
  "type": "String",
4686
  "metadata": {
4687
+ "displayName": "Effect for policy: Azure Defender for SQL should be enabled for unprotected SQL Managed Instances",
4688
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4689
  },
4690
  "allowedValues": [
4691
  "AuditIfNotExists",
 
4695
  },
4696
  "effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": {
4697
  "type": "String",
4698
  "metadata": {
4699
+ "displayName": "Effect for policy: A vulnerability assessment solution should be enabled on your virtual machines",
4700
  "description": "For more information about effects, visit https://aka.ms/policyeffects"
4701
  },
4702
  "allowedValues": [
4703
  "AuditIfNotExists",
 
5553
  "EU_GDPR_2016_679_Art._32"
5554
  ]
5555
  },
5556
  {
 
 
 
 
 
 
 
 
 
 
 
5557
  "policyDefinitionReferenceId": "87845465-c458-45f3-af66-dcd62176f397",
5558
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397",
5559
  "definitionVersion": "3.*.*",
5560
  "parameters": {
 
5696
  "EU_GDPR_2016_679_Art._32"
5697
  ]
5698
  },
5699
  {
 
 
 
 
 
 
 
 
 
 
 
5700
  "policyDefinitionReferenceId": "f71be03e-e25b-4d0f-b8bc-9b3e309b66c0",
5701
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f71be03e-e25b-4d0f-b8bc-9b3e309b66c0",
5702
  "definitionVersion": "3.*.*",
5703
  "parameters": {
 
5801
  "EU_GDPR_2016_679_Art._32"
5802
  ]
5803
  },
5804
  {
 
 
 
 
 
 
 
 
 
 
 
 
5805
  "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0",
5806
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0",
5807
  "definitionVersion": "1.*.*",
5808
  "parameters": {
 
5833
  "EU_GDPR_2016_679_Art._32"
5834
  ]
5835
  },
5836
  {
 
 
 
 
 
 
 
 
 
 
 
 
5837
  "policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
5838
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
5839
  "definitionVersion": "2.*.*",
5840
  "parameters": {
 
6648
  "EU_GDPR_2016_679_Art._32"
6649
  ]
6650
  },
6651
  {
 
 
 
 
 
 
 
 
 
 
 
6652
  "policyDefinitionReferenceId": "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
6653
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
6654
  "definitionVersion": "1.*.*",
6655
  "parameters": {
 
7444
  "EU_GDPR_2016_679_Art._32"
7445
  ]
7446
  },
7447
  {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
7448
  "policyDefinitionReferenceId": "5752e6d6-1206-46d8-8ab1-ecc2f71a8112",
7449
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112",
7450
  "definitionVersion": "4.*.*",
7451
  "parameters": {
 
8006
  "EU_GDPR_2016_679_Art._32"
8007
  ]
8008
  },
8009
  {
 
 
 
 
 
 
 
 
 
 
 
8010
  "policyDefinitionReferenceId": "d63edb4a-c612-454d-b47d-191a724fcbf0",
8011
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0",
8012
  "definitionVersion": "1.*.*",
8013
  "parameters": {
 
8399
  "EU_GDPR_2016_679_Art._32"
8400
  ]
8401
  },
8402
  {
 
 
 
 
 
 
 
 
 
 
 
 
8403
  "policyDefinitionReferenceId": "0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
8404
  "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
8405
  "definitionVersion": "1.*.*",
8406
  "parameters": {
 
9772
  "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/EU_GDPR_2016_679_Art._34"
9773
  }
9774
  ],
9775
  "versions": [
9776
+ "1.4.0",
9777
+ "1.3.1",
9778
  "1.3.0",
9779
  "1.2.0",
9780
  "1.1.0",
9781
  "1.0.0"
JSON
api-version=2023-04-01
EPAC
{9 items}