AzInitiativeAdvertizer

last sync: 2025-May-23 18:26:59 UTC

[Deprecated]: Deploy Microsoft Defender for Cloud configuration

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deploy-MDFC-Config
Display name[Deprecated]: Deploy Microsoft Defender for Cloud configuration
IdDeploy-MDFC-Config
Version7.0.0-deprecated
Details on versioning
CategorySecurity Center
DescriptionDeploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html
Cloud environments AzureCloud
TypeCustom Azure Landing Zones (ALZ)
DeprecatedTrue
PreviewFalse
SupersededBy This ALZ PolicySet definition is superseded by Deploy Microsoft Defender for Cloud configuration (Deploy-MDFC-Config_20240319) Custom Azure Landing Zones (ALZ)
More information on Azure Landing Zones deprecated Policy and PolicySet definitions
Policy-used summary
Policy types Policy states Policy categories
Total Policies: 19
Builtin Policies: 18
Static Policies: 0
ALZ Policies: 1
Deprecated: 2
GA: 17
2 categories:
Kubernetes: 2
Security Center: 17
Policy-used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type policy in AzUSGov
[Deprecated]: Configure Azure Defender for DNS to be enabled 2370a3c1-4a25-4283-a91a-c9c1a145fb2f Security Center Default
Disabled
Allowed
DeployIfNotExists, Disabled		 1 Security Admin Deprecated BuiltIn true
[Deprecated]: Configure Microsoft Defender for APIs should be enabled e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 Security Center Default
Disabled
Allowed
DeployIfNotExists, Disabled		 1 Security Admin Deprecated BuiltIn unknown
Configure Azure Defender for App Service to be enabled b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Configure Azure Defender for Azure SQL database to be enabled b99b73e7-074b-4089-9395-b7236f094491 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn true
Configure Azure Defender for open-source relational databases to be enabled 44433aa3-7ec2-4002-93ea-65c65ff0310a Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Configure Azure Defender for Resource Manager to be enabled b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn true
Configure Azure Defender for servers to be enabled 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn true
Configure Azure Defender for SQL servers on machines to be enabled 50ea7265-7d8c-429e-9a7d-ca1f410191c3 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Configure Azure Kubernetes Service clusters to enable Defender profile 64def556-fbad-4622-930e-72d1d5589bf5 Kubernetes Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Defender Kubernetes Agent Operator, Kubernetes Agent Operator GA BuiltIn true
Configure machines to receive a vulnerability assessment provider 13ce0167-8ca6-4048-8e6b-f996402e3c1b Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Configure Microsoft Defender CSPM to be enabled 689f7782-ef2c-4270-a6d0-7664869076bd Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Owner GA BuiltIn unknown
Configure Microsoft Defender for Azure Cosmos DB to be enabled 82bf5b87-728b-4a74-ba4d-6123845cf542 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Configure Microsoft Defender for Containers to be enabled c9ddb292-b203-4738-aead-18e2716e858f Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn true
Configure Microsoft Defender for Key Vault plan 1f725891-01c0-420a-9059-4fa46cb770b7 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Configure Microsoft Defender for Storage to be enabled cfdc5972-75b3-4418-8ae1-7f5c36839390 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Owner GA BuiltIn unknown
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters a8eff44f-8c92-45c3-a3fb-9880802d67a7 Kubernetes Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 2 Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment GA BuiltIn true
Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data ffb6f416-7bd2-4488-8828-56585fef2be9 Security Center Fixed
deployIfNotExists		 1 Contributor GA BuiltIn true
Deploy Microsoft Defender for Cloud Security Contacts Deploy-ASC-SecurityContacts Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA ALZ
Setup subscriptions to transition to an alternative vulnerability assessment solution 766e621d-ba95-4e43-a6f2-e945db3d7888 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled		 1 Security Admin GA BuiltIn unknown
Roles used
Total Roles usage: 21
Total Roles unique usage: 7
Role Role Id #Policies Policies
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 2 Configure Microsoft Defender CSPM to be enabled, Configure Microsoft Defender for Storage to be enabled
Azure Kubernetes Service Contributor Role ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 1 Deploy Azure Policy Add-on to Azure Kubernetes Service clusters
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd 14 [Deprecated]: Configure Azure Defender for DNS to be enabled, [Deprecated]: Configure Microsoft Defender for APIs should be enabled, Configure Azure Defender for App Service to be enabled, Configure Azure Defender for Azure SQL database to be enabled, Configure Azure Defender for open-source relational databases to be enabled, Configure Azure Defender for Resource Manager to be enabled, Configure Azure Defender for servers to be enabled, Configure Azure Defender for SQL servers on machines to be enabled, Configure machines to receive a vulnerability assessment provider, Configure Microsoft Defender for Azure Cosmos DB to be enabled, Configure Microsoft Defender for Containers to be enabled, Configure Microsoft Defender for Key Vault plan, Deploy Microsoft Defender for Cloud Security Contacts, Setup subscriptions to transition to an alternative vulnerability assessment solution
Azure Kubernetes Service Policy Add-on Deployment 18ed5180-3e48-46fd-8541-4ea054d57064 1 Deploy Azure Policy Add-on to Azure Kubernetes Service clusters
Kubernetes Agent Operator 5e93ba01-8f92-4c7a-b12a-801e3df23824 1 Configure Azure Kubernetes Service clusters to enable Defender profile
Defender Kubernetes Agent Operator 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 1 Configure Azure Kubernetes Service clusters to enable Defender profile
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 1 Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data
History none
JSON compare
compare mode: version left: version right:
JSON
EPAC