JSON
Copy definition Copy definition 4 EPAC EPAC
{ 7 items policyType: "Custom" , displayName: "Deploy Microsoft Defender for Cloud configuration" , description: "Deploy Microsoft Defender for Cloud configuration" , metadata: { 5 items version: "2.2.0" , category: "Security Center" , source: "https://github.com/Azure/Enterprise-Scale/" , replacesPolicy: "Deploy-MDFC-Config" , alzCloudEnvironments: [ 1 item ] } , parameters: { 20 items emailSecurityContact: { 2 items type: "string" , metadata: { 2 items displayName: "Security contacts email address" , description: "Provide email address for Microsoft Defender for Cloud contact details" } } , minimalSeverity: { 4 items } , logAnalytics: { 2 items type: "String" , metadata: { 3 items displayName: "Primary Log Analytics workspace" , description: "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID." , strongType: "omsWorkspace" } } , ascExportResourceGroupName: { 2 items type: "String" , metadata: { 2 items displayName: "Resource Group name for the export to Log Analytics workspace configuration" , description: "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured." } } , ascExportResourceGroupLocation: { 2 items type: "String" , metadata: { 2 items displayName: "Resource Group location for the export to Log Analytics workspace configuration" , description: "The location where the resource group and the export to Log Analytics workspace configuration are created." } } , createResourceGroup: { 4 items type: "Boolean" , metadata: { 2 items displayName: "Create resource group" , description: "If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group." } , defaultValue: true , allowedValues: [ 2 items ] } , enableAscForCosmosDbs: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForSql: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForSqlOnVm: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForArm: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForOssDb: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForAppServices: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForKeyVault: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForStorage: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForContainers: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForServers: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableAscForServersVulnerabilityAssessments: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , vulnerabilityAssessmentProvider: { 4 items type: "String" , allowedValues: [ 2 items ] , defaultValue: "mdeTvm" , metadata: { 2 items displayName: "Vulnerability assessment provider type" , description: "Select the vulnerability assessment solution to provision to machines." } } , enableAscForCspm: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } , enableTvmCheck: { 4 items type: "String" , allowedValues: [ 2 items "DeployIfNotExists" , "Disabled" ] , defaultValue: "DeployIfNotExists" , metadata: { 2 items displayName: "Effect" , description: "Enable or disable the execution of the policy" } } } , policyDefinitions: [ 17 items { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items } , { 5 items policyDefinitionReferenceId: "securityEmailContact" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts" , definitionVersion: 1.*.*1.0.0 , parameters: { 2 items } , groupNames: [] } , { 5 items } , { 4 items } ] , policyDefinitionGroups: null }