last sync: 2022-Jan-20 18:36:46 UTC

Azure Policy Initiative

[Preview]: Motion Picture Association of America (MPAA)

Name: [Preview]: Motion Picture Association of America (MPAA)
Id: 92646f03-e39d-47a9-9e24-58d60ef49af8
Version: 4.0.2-preview
Category: Regulatory Compliance
Description: This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-blueprint.
Type: BuiltIn
Deprecated: False
Preview: True
History
Date/Time (UTC ymd) Changes
2021-01-22 09:14:56 add Policy A vulnerability assessment solution should be enabled on your virtual machines (501541f7-f7e7-4cd6-868c-4190fdad3ac9)
remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)
2020-09-09 11:24:08 add Policy Audit Windows machines that do not restrict the minimum password length to 14 characters (a2d0e922-65d0-40c4-8f87-ea6da2d307a2)
add Policy Audit Windows machines that do not contain the specified certificates in Trusted Root (934345e1-4dfb-4c70-90d7-41990dc9608b)
add Policy Audit Linux machines that don't have the specified applications installed (d3b823c9-e0fc-4453-9fb2-8213b7338523)
add Policy Audit Linux machines that allow remote connections from accounts without passwords (ea53dbee-c6c9-4f0e-9f9e-de0039b78023)
add Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da)
add Policy Audit Windows machines that contain certificates expiring within the specified number of days (1417908b-4bff-46ee-a2a6-4acc899320ab)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root (106ccbe4-a791-4f33-a44a-06796944b8d5)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters (5aebc8d1-020d-4037-89a0-02043a7524ec)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters (23020aa6-1135-4be2-bae2-149982b06eca)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days (c5fbc59e-fb6f-494f-81e2-d99a671bdaa8)
remove Policy [Deprecated]: Show audit results from Windows VMs that do not contain the specified certificates in Trusted Root (f3b9ad83-000d-4dc1-bff0-6d54533dd03f)
remove Policy [Deprecated]: Show audit results from Windows VMs that contain certificates expiring within the specified number of days (9328f27e-611e-44a7-a244-39109d7d35ab)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords (ec49586f-4939-402d-a29e-6ff502b20592)
remove Policy [Deprecated]: Show audit results from Linux VMs that allow remote connections from accounts without passwords (2d67222d-05fd-4526-a171-2ee132ad9e83)
remove Policy [Deprecated]: Show audit results from Linux VMs that do not have the specified applications installed (fee5cb2b-9d9b-410e-afe3-2902d90d0004)
remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed (4d1c04de-2172-403f-901b-90608c35c721)
2020-08-21 13:50:30 add Policy Windows machines should meet requirements for 'Security Options - Network Access' (3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd)
add Policy Windows machines should meet requirements for 'Windows Firewall Properties' (35d9882c-993d-44e6-87d2-db66ce21b636)
add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6)
add Policy Windows machines should meet requirements for 'Security Options - Recovery console' (f71be03e-e25b-4d0f-b8bc-9b3e309b66c0)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e)
add Policy Windows machines should meet requirements for 'Security Options - Accounts' (ee984370-154a-4ee8-9726-19d900e56fc0)
add Policy Windows machines should meet requirements for 'Security Options - Microsoft Network Client' (d6c69680-54f0-4349-af10-94dd05f4225e)
add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6)
add Policy Windows machines should meet requirements for 'Security Options - System settings' (12017595-5a75-4bb1-9d97-4c2c939ea3c3)
add Policy Windows machines should meet requirements for 'User Rights Assignment' (e068b215-0026-4354-b347-8fb2766f73a2)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client' (fcbc55c9-f25a-4e55-a6cb-33acb3be778b)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment' (c961dac9-5916-42e8-8fb1-703148323994)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' (f56a3ab2-89d1-44de-ac0d-2ada5962e22a)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' (bbcdd8fa-b600-4ee3-85b8-d184e3339652)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' (815dcc9f-6662-43f2-9a03-1b83e9876f24)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Recovery console' (ba12366f-f9a6-42b8-9d98-157d0b1a837b)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' (e5b81f87-9185-4224-bf00-9f505e9f89f3)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' (437a1f8f-8552-47a8-8b12-a2fee3269dd5)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' (ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Access' (30040dab-4e75-4456-8273-14b8f75d91d9)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Windows Firewall Properties' (8bbd627e-4d25-4906-9a6e-3789780af3ec)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - System settings' (8a39d1f1-5513-4628-b261-f469a5a3341b)
remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts' (b872a447-cc6f-43b9-bccf-45703cd81607)
remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' (909c958d-1b99-4c74-b88f-46a5c5bc34f9)
2020-07-01 14:50:07 remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings (bda18df3-5e41-4709-add9-2554ce68c966)
2020-06-16 14:55:25 Name change: '[Preview]: Audit Motion Picture Association of America (MPAA) controls and deploy specific VM Extensions to support audit requirements' to '[Preview]: Motion Picture Association of America (MPAA)'
Description change: 'This initiative includes policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/mpaa-blueprint' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-blueprint.'
2020-01-09 16:38:57 add Initiative 92646f03-e39d-47a9-9e24-58d60ef49af8
Policy count Total Policies: 36
Builtin Policies: 36
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed: modify GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed: modify GA
All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace a1817ec0-a368-432a-8057-8371e17ac6ee Service Bus Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Linux machines that don't have the specified applications installed d3b823c9-e0fc-4453-9fb2-8213b7338523 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Windows machines that contain certificates expiring within the specified number of days 1417908b-4bff-46ee-a2a6-4acc899320ab Guest Configuration Fixed: auditIfNotExists GA
Audit Windows machines that do not contain the specified certificates in Trusted Root 934345e1-4dfb-4c70-90d7-41990dc9608b Guest Configuration Fixed: auditIfNotExists GA
Audit Windows machines that do not restrict the minimum password length to 14 characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Configure Azure Defender to be enabled on SQL servers 36d49e87-48c4-4f2e-beed-ba4ed02b71f5 SQL Fixed: DeployIfNotExists GA
Deploy default Microsoft IaaSAntimalware extension for Windows Server 2835b622-407b-4114-9198-6f7064cbe0dc Compute Fixed: deployIfNotExists GA
Deploy Diagnostic Settings for Network Security Groups c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Monitoring Fixed: deployIfNotExists GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed: deployIfNotExists GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed: deployIfNotExists GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Metric alert rules should be configured on Batch accounts 26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7 Batch Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
MFA should be enabled accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Network interfaces should disable IP forwarding 88c0b9da-ce96-4b03-9635-f29a937e2900 Network Fixed: deny GA
Resource logs in Logic Apps should be enabled 34f95f76-5386-4de7-b824-0d8478470c9d Logic Apps Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default: Audit
Allowed: (Audit, Disabled)
GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher 89099bee-89e0-4b26-a5f4-165451757743 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - Accounts' ee984370-154a-4ee8-9726-19d900e56fc0 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - Microsoft Network Client' d6c69680-54f0-4349-af10-94dd05f4225e Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - Network Access' 3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - Recovery console' f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - System settings' 12017595-5a75-4bb1-9d97-4c2c939ea3c3 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'User Rights Assignment' e068b215-0026-4354-b347-8fb2766f73a2 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Windows Firewall Properties' 35d9882c-993d-44e6-87d2-db66ce21b636 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA