last sync: 2024-May-24 18:02:49 UTC

Deploy Microsoft Defender for Cloud configuration

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Deploy-MDFC-Config
Display nameDeploy Microsoft Defender for Cloud configuration
IdDeploy-MDFC-Config
Version7.0.0
Details on versioning
CategorySecurity Center
DescriptionDeploy Microsoft Defender for Cloud configuration
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 19
Builtin Policies: 18
Static Policies: 0
ALZ Policies: 1
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
[Deprecated]: Configure Azure Defender for DNS to be enabled 2370a3c1-4a25-4283-a91a-c9c1a145fb2f Security Center Default
Disabled
Allowed
DeployIfNotExists, Disabled
1 Security Admin Deprecated BuiltIn
[Deprecated]: Configure Microsoft Defender for APIs should be enabled e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 Security Center Default
Disabled
Allowed
DeployIfNotExists, Disabled
1 Security Admin Deprecated BuiltIn
Configure Azure Defender for App Service to be enabled b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for Azure SQL database to be enabled b99b73e7-074b-4089-9395-b7236f094491 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for open-source relational databases to be enabled 44433aa3-7ec2-4002-93ea-65c65ff0310a Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for Resource Manager to be enabled b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for servers to be enabled 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Defender for SQL servers on machines to be enabled 50ea7265-7d8c-429e-9a7d-ca1f410191c3 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Azure Kubernetes Service clusters to enable Defender profile 64def556-fbad-4622-930e-72d1d5589bf5 Kubernetes Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Contributor, Log Analytics Contributor GA BuiltIn
Configure machines to receive a vulnerability assessment provider 13ce0167-8ca6-4048-8e6b-f996402e3c1b Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Microsoft Defender CSPM to be enabled 689f7782-ef2c-4270-a6d0-7664869076bd Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Owner GA BuiltIn
Configure Microsoft Defender for Azure Cosmos DB to be enabled 82bf5b87-728b-4a74-ba4d-6123845cf542 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Microsoft Defender for Containers to be enabled c9ddb292-b203-4738-aead-18e2716e858f Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Microsoft Defender for Key Vault plan 1f725891-01c0-420a-9059-4fa46cb770b7 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Configure Microsoft Defender for Storage to be enabled cfdc5972-75b3-4418-8ae1-7f5c36839390 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Owner GA BuiltIn
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters a8eff44f-8c92-45c3-a3fb-9880802d67a7 Kubernetes Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment GA BuiltIn
Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data ffb6f416-7bd2-4488-8828-56585fef2be9 Security Center Fixed
deployIfNotExists
1 Contributor GA BuiltIn
Deploy Microsoft Defender for Cloud Security Contacts Deploy-ASC-SecurityContacts Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA ALZ
Setup subscriptions to transition to an alternative vulnerability assessment solution 766e621d-ba95-4e43-a6f2-e945db3d7888 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA BuiltIn
Roles used
Total Roles usage: 21
Total Roles unique usage: 6
Role Role Id Policies count Policies
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 1 Configure Azure Kubernetes Service clusters to enable Defender profile
Azure Kubernetes Service Contributor Role ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 1 Deploy Azure Policy Add-on to Azure Kubernetes Service clusters
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd 14 [Deprecated]: Configure Azure Defender for DNS to be enabled, [Deprecated]: Configure Microsoft Defender for APIs should be enabled, Configure Azure Defender for App Service to be enabled, Configure Azure Defender for Azure SQL database to be enabled, Configure Azure Defender for open-source relational databases to be enabled, Configure Azure Defender for Resource Manager to be enabled, Configure Azure Defender for servers to be enabled, Configure Azure Defender for SQL servers on machines to be enabled, Configure machines to receive a vulnerability assessment provider, Configure Microsoft Defender for Azure Cosmos DB to be enabled, Configure Microsoft Defender for Containers to be enabled, Configure Microsoft Defender for Key Vault plan, Deploy Microsoft Defender for Cloud Security Contacts, Setup subscriptions to transition to an alternative vulnerability assessment solution
Azure Kubernetes Service Policy Add-on Deployment 18ed5180-3e48-46fd-8541-4ea054d57064 1 Deploy Azure Policy Add-on to Azure Kubernetes Service clusters
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 2 Configure Azure Kubernetes Service clusters to enable Defender profile, Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 2 Configure Microsoft Defender CSPM to be enabled, Configure Microsoft Defender for Storage to be enabled
History none
JSON compare
compare mode: version left: version right:
JSON
EPAC