last sync: 2023-Jan-27 18:40:05 UTC

Azure Landing Zones (ALZ) Policy Initiative

Deploy Microsoft Defender for Cloud configuration

Name Deploy Microsoft Defender for Cloud configuration
Azure Landing Zones (ALZ) GitHub
JSON Deploy-MDFC-Config
IdDeploy-MDFC-Config
Version3.1.1
details on versioning
CategorySecurity Center
Microsoft docs
DescriptionDeploy Microsoft Defender for Cloud configuration
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
History none
Policy count Total Policies: 13
Builtin Policies: 12
Static Policies: 0
ALZ Policies: 1
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
Configure Azure Defender for App Service to be enabled b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for Azure SQL database to be enabled b99b73e7-074b-4089-9395-b7236f094491 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for DNS to be enabled 2370a3c1-4a25-4283-a91a-c9c1a145fb2f Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for Key Vaults to be enabled 1f725891-01c0-420a-9059-4fa46cb770b7 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for open-source relational databases to be enabled 44433aa3-7ec2-4002-93ea-65c65ff0310a Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for Resource Manager to be enabled b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for servers to be enabled 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for SQL servers on machines to be enabled 50ea7265-7d8c-429e-9a7d-ca1f410191c3 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for Storage to be enabled 74c30959-af11-47b3-9ed2-a26e03f427a3 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Microsoft Defender for Azure Cosmos DB to be enabled 82bf5b87-728b-4a74-ba4d-6123845cf542 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Microsoft Defender for Containers to be enabled c9ddb292-b203-4738-aead-18e2716e858f Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data ffb6f416-7bd2-4488-8828-56585fef2be9 Security Center Fixed
deployIfNotExists
1 Contributor GA BuiltIn
Deploy Microsoft Defender for Cloud Security Contacts Deploy-ASC-SecurityContacts Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA ALZ
Roles used Total Roles usage: 13
Total Roles unique usage: 2
Role Role Id Policies count Policies
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd 12 Configure Azure Defender for App Service to be enabled, Configure Azure Defender for Azure SQL database to be enabled, Configure Azure Defender for DNS to be enabled, Configure Azure Defender for Key Vaults to be enabled, Configure Azure Defender for open-source relational databases to be enabled, Configure Azure Defender for Resource Manager to be enabled, Configure Azure Defender for servers to be enabled, Configure Azure Defender for SQL servers on machines to be enabled, Configure Azure Defender for Storage to be enabled, Configure Microsoft Defender for Azure Cosmos DB to be enabled, Configure Microsoft Defender for Containers to be enabled, Deploy Microsoft Defender for Cloud Security Contacts
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 1 Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data
JSON