Policy DisplayName |
Policy Id |
Category |
Effect |
Roles# |
Roles |
State |
Type |
[Preview]: Configure Microsoft Defender for APIs should be enabled |
e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
Preview |
BuiltIn |
Configure Azure Defender for App Service to be enabled |
b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for Azure SQL database to be enabled |
b99b73e7-074b-4089-9395-b7236f094491 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for DNS to be enabled |
2370a3c1-4a25-4283-a91a-c9c1a145fb2f |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for Key Vaults to be enabled |
1f725891-01c0-420a-9059-4fa46cb770b7 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for open-source relational databases to be enabled |
44433aa3-7ec2-4002-93ea-65c65ff0310a |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for Resource Manager to be enabled |
b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for servers to be enabled |
8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Defender for SQL servers on machines to be enabled |
50ea7265-7d8c-429e-9a7d-ca1f410191c3 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Azure Kubernetes Service clusters to enable Defender profile |
64def556-fbad-4622-930e-72d1d5589bf5 |
Kubernetes |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
2 |
Contributor, Log Analytics Contributor |
GA |
BuiltIn |
Configure machines to receive a vulnerability assessment provider |
13ce0167-8ca6-4048-8e6b-f996402e3c1b |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Microsoft Defender CSPM to be enabled |
689f7782-ef2c-4270-a6d0-7664869076bd |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Owner |
GA |
BuiltIn |
Configure Microsoft Defender for Azure Cosmos DB to be enabled |
82bf5b87-728b-4a74-ba4d-6123845cf542 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Microsoft Defender for Containers to be enabled |
c9ddb292-b203-4738-aead-18e2716e858f |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Configure Microsoft Defender for Storage (Classic) to be enabled |
74c30959-af11-47b3-9ed2-a26e03f427a3 |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
BuiltIn |
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters |
a8eff44f-8c92-45c3-a3fb-9880802d67a7 |
Kubernetes |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
2 |
Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment |
GA |
BuiltIn |
Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data |
ffb6f416-7bd2-4488-8828-56585fef2be9 |
Security Center |
Fixed deployIfNotExists |
1 |
Contributor |
GA |
BuiltIn |
Deploy Microsoft Defender for Cloud Security Contacts |
Deploy-ASC-SecurityContacts |
Security Center |
Default DeployIfNotExists Allowed DeployIfNotExists, Disabled |
1 |
Security Admin |
GA |
ALZ |