last sync: 2021-Oct-15 16:53:14 UTC

Azure Policy Initiative

[Preview]: CMMC Level 3

Name[Preview]: CMMC Level 3
Azure Portal
Idb5629c75-5c77-4422-87b9-2509e680f8de
Version4.0.0-preview
details on versioning
CategoryRegulatory Compliance
Microsoft docs
DescriptionThis initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.
TypeBuiltIn
DeprecatedFalse
PreviewTrue
History
Date/Time (UTC ymd) (i) Changes
2021-09-30 16:01:51 remove Policy [Deprecated]: RDP access from the Internet should be blocked (e372f825-a257-4fb8-9175-797a8a8627d6)
remove Policy [Deprecated]: SSH access from the Internet should be blocked (2c89a2e5-7285-40fe-afe0-ae8654b92fab)
2021-04-21 13:28:48 remove Policy [Deprecated]: Cognitive Services accounts should enable data encryption (2bdd0062-9d75-436e-89df-487dd8e4b3c7)
2021-02-17 14:28:42 remove Policy Audit Windows machines that have extra accounts in the Administrators group (3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)
remove Policy Audit Windows machines that are not set to the specified time zone (c633f6a2-7f8b-4d9e-9456-02f0f04f5505)
2021-02-03 15:09:01 remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)
remove Policy [Deprecated]: A security contact phone number should be provided for your subscription (b4d66858-c922-44e3-9566-5cdb7a7be744)
2021-01-22 09:14:56 add Initiative b5629c75-5c77-4422-87b9-2509e680f8de
Policy count Total Policies: 176
Builtin Policies: 176
Static Policies: 0
Policy used
Policy DisplayName Policy Id Category Effect State
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Preview
[Preview]: Azure Key Vault should disable public network access 55615ac9-af46-4a59-874e-391cc3dfb490 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
Preview
[Preview]: Linux machines should meet requirements for the Azure compute security baseline fc9b3da7-8347-4380-8e70-0a0361d8dedd Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Preview
[Preview]: Log Analytics Extension should be enabled for listed virtual machine images 32133ab0-ee4b-4b44-98d6-042180979d50 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Preview
[Preview]: Storage account public access should be disallowed 4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage Default: audit
Allowed: (audit, deny, disabled)
Preview
A maximum of 3 owners should be designated for your subscription 4f11b553-d42e-4e3a-89be-32ca364cad4c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Activity log should be retained for at least one year b02aacc0-b073-424e-8298-42b22829ee0a Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Adaptive network hardening recommendations should be applied on internet facing virtual machines 08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed: modify GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed: modify GA
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Allowlist rules in your adaptive application control policy should be updated 123a3936-f020-408a-ba0c-47873faf1534 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
An activity log alert should exist for specific Administrative operations b954148f-4c11-4c38-8221-be76711e194a Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
An activity log alert should exist for specific Policy operations c5447c04-a4d7-4ba8-a263-c9ee321a6858 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
An activity log alert should exist for specific Security operations 3b980d31-7904-4bb7-8575-5665739a8052 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
An Azure Active Directory administrator should be provisioned for SQL servers 1f314764-cb73-4fc9-b863-8eca98ac36e9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
API App should only be accessible over HTTPS b7ddfbdc-1260-477d-91fd-98bd9be789a6 App Service Default: Audit
Allowed: (Audit, Disabled)
GA
Audit diagnostic setting 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring Fixed: AuditIfNotExists GA
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit usage of custom RBAC rules a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General Default: Audit
Allowed: (Audit, Disabled)
GA
Audit virtual machines without disaster recovery configured 0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Compute Fixed: auditIfNotExists GA
Audit Windows machines missing any of specified members in the Administrators group 30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Guest Configuration Fixed: auditIfNotExists GA
Audit Windows machines that allow re-use of the previous 24 passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Windows machines that do not restrict the minimum password length to 14 characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Audit Windows machines that have the specified members in the Administrators group 69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Guest Configuration Fixed: auditIfNotExists GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Azure API for FHIR should use a customer-managed key to encrypt data at rest 051cba44-2429-45b9-9649-46cec11c7119 API for FHIR Default: audit
Allowed: (audit, disabled)
GA
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Data Box jobs should enable double encryption for data at rest on the device c349d81b-9985-44ae-a8da-ff98d108ede8 Data Box Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Azure Data Explorer encryption at rest should use a customer-managed key 81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Azure Defender for App Service should be enabled 2913021d-f2fd-4f3d-b958-22354e2bdbcb Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for Azure SQL Database servers should be enabled 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for container registries should be enabled c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for Key Vault should be enabled 0e6763cc-5078-4e64-889d-ff4d9a839047 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for Kubernetes should be enabled 523b5cd1-3e23-492f-a539-13118b6d1e3a Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for servers should be enabled 4da35fc9-c9e7-4960-aec9-797fe7d9051d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for SQL servers on machines should be enabled 6581d072-105e-4418-827f-bd446d56421b Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for SQL should be enabled for unprotected Azure SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for SQL should be enabled for unprotected SQL Managed Instances abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Defender for Storage should be enabled 308fbb08-4ab8-4e67-9b29-592e93fb94fa Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' 1a4e592a-6a6e-44a5-9814-e36264ca96e7 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Monitor should collect activity logs from all regions 41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Stream Analytics jobs should use customer-managed keys to encrypt data 87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Stream Analytics Default: audit
Allowed: (audit, deny, disabled)
GA
Azure subscriptions should have a log profile for Activity Log 7796937f-307b-4598-941c-67d3a05ebfe7 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Azure Synapse workspaces should use customer-managed keys to encrypt data at rest f7d52b2d-e161-4dfa-a82b-55e564167385 Synapse Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys 7d7be79c-23ba-4033-84dd-45e2a5ccdd67 Kubernetes Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Certificates using RSA cryptography should have the specified minimum key size cee51871-e572-4576-855c-047c820360f0 Key Vault Default: audit
Allowed: (audit, deny, disabled)
GA
Cognitive Services accounts should disable public network access 0725b4dd-7e76-479c-a735-68e7ee23d5ca Cognitive Services Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Cognitive Services accounts should enable data encryption with a customer-managed key 67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Cognitive Services accounts should restrict network access 037eea7a-bd0a-46c5-9a66-03aea78705d3 Cognitive Services Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Container registries should be encrypted with a customer-managed key 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container Registry Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Container registries should not allow unrestricted network access d0793b48-0edc-4296-a390-4c75d1bdfd71 Container Registry Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
CORS should not allow every domain to access your API for FHIR 0fea8f8a-4169-495d-8307-30ec335f387d API for FHIR Default: audit
Allowed: (audit, disabled)
GA
CORS should not allow every resource to access your API App 358c20a6-3f9e-4f0e-97ff-c6ce485e2aac App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
CORS should not allow every resource to access your Function Apps 0820b7b9-23aa-4725-a1ce-ae4558f718e5 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
CORS should not allow every resource to access your Web Applications 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Deploy Advanced Threat Protection for Cosmos DB Accounts b5f04e03-92a3-4b09-9410-2cc5e5047656 Cosmos DB Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
GA
Deploy Advanced Threat Protection on storage accounts 361c2074-3595-4e5d-8cab-4f21dffc835c Storage Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)
GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed: deployIfNotExists GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed: deployIfNotExists GA
Deprecated accounts should be removed from your subscription 6b1cbf55-e8b6-442f-ba4c-7246b6381474 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Deprecated accounts with owner permissions should be removed from your subscription ebb62a0c-3560-49e1-89ed-27e074e9f8ad Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Diagnostic logs in App Services should be enabled b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Disk encryption should be enabled on Azure Data Explorer f4b53539-8df9-40e4-86c6-6b607703bd4e Azure Data Explorer Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Double encryption should be enabled on Azure Data Explorer ec068d99-e9c7-401f-8cef-5bdde4e6ccf1 Azure Data Explorer Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Email notification for high severity alerts should be enabled 6e2593d9-add6-4083-9c9b-4b7d2188c899 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Email notification to subscription owner for high severity alerts should be enabled 0b15565f-aa9e-48ba-8619-45960f2c314d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Enforce SSL connection should be enabled for MySQL database servers e802a67a-daf5-4436-9ea6-f6d821dd0c5d SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Enforce SSL connection should be enabled for PostgreSQL database servers d158790f-bfb0-486c-8631-2dc6b4e8e6af SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Ensure that 'HTTP Version' is the latest, if used to run the API app 991310cd-e9f3-47bc-b7b6-f57b557d07db App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'HTTP Version' is the latest, if used to run the Function app e2c1c086-2d84-4019-bff3-c44ccd95113c App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'HTTP Version' is the latest, if used to run the Web app 8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'Java version' is the latest, if used as a part of the API app 88999f4c-376a-45c8-bcb3-4058f713cf39 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'Java version' is the latest, if used as a part of the Function app 9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'Java version' is the latest, if used as a part of the Web app 496223c3-ad65-4ecd-878a-bae78737e9ed App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'PHP version' is the latest, if used as a part of the API app 1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'PHP version' is the latest, if used as a part of the WEB app 7261b898-8a84-4db8-9e04-18527132abb3 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'Python version' is the latest, if used as a part of the API app 74c3584d-afae-46f7-a20a-6f8adba71a16 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'Python version' is the latest, if used as a part of the Function app 7238174a-fd10-4ef0-817e-fc820a951d73 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Ensure that 'Python version' is the latest, if used as a part of the Web app 7008174a-fd10-4ef0-817e-fc820a951d73 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
External accounts with owner permissions should be removed from your subscription f8456c1c-aa66-4dfb-861a-25d127b775c9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
External accounts with read permissions should be removed from your subscription 5f76cf89-fbf2-47fd-a3f4-b891fa780b60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
External accounts with write permissions should be removed from your subscription 5c607a2e-c700-4744-8254-d77e7c9eb5e4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Flow logs should be configured for every network security group c251913d-7d24-4958-af87-478ed3b9ba41 Network Default: Audit
Allowed: (Audit, Disabled)
GA
Function App should only be accessible over HTTPS 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab App Service Default: Audit
Allowed: (Audit, Disabled)
GA
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0 SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970 SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430 SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Guest Configuration extension should be installed on your machines ae89ebca-1c92-4898-ac2c-9f63decb045c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Infrastructure encryption should be enabled for Azure Database for MySQL servers 3a58212a-c829-4f13-9872-6371df2fd0b4 SQL Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers 24fba194-95d6-48c0-aea7-f65bf859c598 SQL Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Internet-facing virtual machines should be protected with network security groups f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Key Vault keys should have an expiration date 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Key vaults should have purge protection enabled 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Key vaults should have soft delete enabled 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Keys should be the specified cryptographic type RSA or EC 75c4f823-d65c-4f29-a733-01d0077fdbcb Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Keys using elliptic curve cryptography should have the specified curve names ff25f3c8-b739-4538-9d07-3d6d25cfb255 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Keys using RSA cryptography should have a specified minimum key size 82067dbb-e53b-4e06-b631-546d197452d9 Key Vault Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Kubernetes cluster pods should only use approved host network and port range 82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes Default: audit
Allowed: (audit, deny, disabled)
GA
Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version fb893a29-21bb-418c-a157-e99480ec364c Security Center Default: Audit
Allowed: (Audit, Disabled)
GA
Latest TLS version should be used in your API App 8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Latest TLS version should be used in your Function App f9d614c5-c173-4d56-95a7-b4437057d193 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Latest TLS version should be used in your Web App f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images 5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
MFA should be enabled accounts with write permissions on your subscription 9297c21d-2ed6-4474-b48f-163f75654ce3 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
MFA should be enabled on accounts with owner permissions on your subscription aa633080-8b72-40c4-a2d7-d00c03e80bed Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
MFA should be enabled on accounts with read permissions on your subscription e3576e28-8b17-4677-84c3-db2990658d64 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Microsoft Antimalware for Azure should be configured to automatically update protection signatures c43e4a30-77cb-48ab-a4dd-93f175c63b57 Compute Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Microsoft IaaSAntimalware extension should be deployed on Windows servers 9b597639-28e4-48eb-b506-56b05d366257 Compute Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Non-internet-facing virtual machines should be protected with network security groups bb91dfba-c30d-4263-9add-9c2384e659a6 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Public network access on Azure SQL Database should be disabled 1b8ca024-1d5c-4dec-8995-b1a932b41780 SQL Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Public network access should be disabled for MariaDB servers fdccbe47-f3e3-4213-ad5d-ea459b2fa077 SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Public network access should be disabled for MySQL flexible servers c9299215-ae47-4f50-9c54-8a392f68a052 SQL Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Public network access should be disabled for MySQL servers d9844e8a-1437-4aeb-a32c-0c992f056095 SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Public network access should be disabled for PostgreSQL flexible servers 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 SQL Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Public network access should be disabled for PostgreSQL servers b52376f7-9612-48a1-81cd-1ffe4b61032c SQL Default: Audit
Allowed: (Audit, Disabled)
GA
Remote debugging should be turned off for API Apps e9c8d085-d9cc-4b17-9cdc-059f1f01f19e App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Remote debugging should be turned off for Function Apps 0e60b895-3786-45da-8377-9c6b4b6ac5f9 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Remote debugging should be turned off for Web Applications cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Require encryption on Data Lake Store accounts a7ff3161-0087-490a-9ad9-ad6217f4f43a Data Lake Fixed: deny GA
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default: Audit
Allowed: (Audit, Disabled)
GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Security Center standard pricing tier should be selected a1181c5f-672a-477a-979a-7d58aa086233 Security Center Default: Audit
Allowed: (Audit, Disabled)
GA
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
SQL managed instances should use customer-managed keys to encrypt data at rest 048248b0-55cd-46da-b1ff-39efd52db260 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
SQL servers should use customer-managed keys to encrypt data at rest 0d134df8-db83-46fb-ad72-fe0c9428c8dd SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Storage accounts should allow access from trusted Microsoft services c9d007d0-c057-4772-b18c-01e546713bcd Storage Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Storage accounts should have infrastructure encryption 4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Storage accounts should restrict network access 34c877ad-507e-4c82-993e-3452a6e0ad3c Storage Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Storage accounts should use customer-managed key for encryption 6fac406b-40ca-413b-bf8e-0bf964659c25 Storage Default: Audit
Allowed: (Audit, Disabled)
GA
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
System updates on virtual machine scale sets should be installed c3f317a7-a95c-4547-b7e7-11017ebdf2fe Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
The Log Analytics extension should be installed on Virtual Machine Scale Sets efbde977-ba53-4479-b8e9-10b957924fbf Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Unattached disks should be encrypted 2c89a2e5-7285-40fe-afe0-ae8654b92fb2 Compute Default: Audit
Allowed: (Audit, Disabled)
GA
Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity d26f7642-7545-4e18-9b75-8c9bbdee3a9a Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Virtual machines should be connected to a specified workspace f47b5582-33ec-4c5c-87c0-b010a6b2e917 Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Virtual machines should have the Log Analytics extension installed a70ca396-0a34-413a-88e1-b956c1e683be Monitoring Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerabilities in Azure Container Registry images should be remediated 5f0f936f-2f01-4bf5-b6be-d423792fa562 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerabilities in container security configurations should be remediated e8cbc669-f12d-49eb-93e7-9273119e9933 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerabilities in security configuration on your machines should be remediated e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerabilities in security configuration on your virtual machine scale sets should be remediated 3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Security Center Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports 057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Web Application Firewall (WAF) should be enabled for Application Gateway 564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Network Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Web Application Firewall (WAF) should be enabled for Azure Front Door Service service 055aa869-bc98-4af8-bafc-23f1ab6ffe2c Network Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Web Application Firewall (WAF) should use the specified mode for Application Gateway 12430be1-6cc8-4527-a9a8-e3d38f250096 Network Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service 425bea59-a659-4cbb-8d31-34499bd030b8 Network Default: Audit
Allowed: (Audit, Deny, Disabled)
GA
Web Application should only be accessible over HTTPS a4af4a39-4135-47fb-b175-47fbdf85311d App Service Default: Audit
Allowed: (Audit, Disabled)
GA
Windows machines should meet requirements for 'Security Options - Network Access' 3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - Network Security' 1221c620-d201-468c-81e7-2817e6107e84 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'Security Options - User Account Control' 492a29ed-d143-4f03-b6a4-705ce081b463 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'System Audit Policies - Policy Change' 2a7a701e-dff3-4da9-9ec5-42cb98594c0b Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'System Audit Policies - Privilege Use' 87845465-c458-45f3-af66-dcd62176f397 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows machines should meet requirements for 'User Rights Assignment' e068b215-0026-4354-b347-8fb2766f73a2 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
Windows web servers should be configured to use secure communication protocols 5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Guest Configuration Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
GA
JSON
{
  "displayName": "[Preview]: CMMC Level 3",
  "policyType": "BuiltIn",
  "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.",
  "metadata": {
    "version": "4.0.0-preview",
    "preview": true,
    "category": "Regulatory Compliance"
  },
  "parameters": {
    "IncludeArcMachines": {
      "type": "String",
      "metadata": {
        "displayName": "Include Arc-connected servers when evaluating guest configuration policies",
        "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine; for more information, visit https://aka.ms/policy-pricing"
      },
      "allowedValues": [
        "true",
        "false"
      ],
      "defaultValue": "false"
    },
    "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
      "type": "String",
      "metadata": {
        "displayName": "List of users that must be excluded from Windows VM Administrators group",
        "description": "A semicolon-separated list of users that should be excluded in the Administrators local group; Ex: Administrator; myUser1; myUser2"
      }
    },
    "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
      "type": "String",
      "metadata": {
        "displayName": "List of users that must be included in Windows VM Administrators group",
        "description": "A semicolon-separated list of users that should be included in the Administrators local group; Ex: Administrator; myUser1; myUser2"
      }
    },
    "Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: List of users that Windows VM Administrators group must only include",
        "description": "A semicolon-separated list of all the expected members of the Administrators local group; Ex: Administrator; myUser1; myUser2",
        "deprecated": true
      },
      "defaultValue": "Administrator"
    },
    "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
      "type": "String",
      "metadata": {
        "displayName": "Log Analytics workspace ID for VM agent reporting",
        "description": "ID (GUID) of the Log Analytics workspace where VMs agents should report"
      }
    },
    "effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: There should be more than one owner assigned to your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-0961003e-5a0a-4549-abde-af6a37f2724d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-0b15565f-aa9e-48ba-8619-45960f2c314d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Email notification to subscription owner for high severity alerts should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Remote debugging should be turned off for Function Apps",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-17k78e20-9358-41c9-923c-fb736d382a12": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Transparent Data Encryption on SQL databases should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'PHP version' is the latest, if used as a part of the API app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "PHPLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "Latest PHP version for App Services",
        "description": "Latest supported PHP version for App Services"
      },
      "defaultValue": "7.3"
    },
    "effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Only secure connections to your Azure Cache for Redis should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84": {
      "type": "String",
      "metadata": {
        "displayName": "Network Security: Configure encryption types allowed for Kerberos",
        "description": "Specifies the encryption types that Kerberos is allowed to use."
      },
      "defaultValue": "2147483644"
    },
    "NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84": {
      "type": "String",
      "metadata": {
        "displayName": "Network security: LAN Manager authentication level",
        "description": "Specify which challenge-response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers."
      },
      "defaultValue": "5"
    },
    "NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84": {
      "type": "String",
      "metadata": {
        "displayName": "Network security: LDAP client signing requirements",
        "description": "Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests."
      },
      "defaultValue": "1"
    },
    "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84": {
      "type": "String",
      "metadata": {
        "displayName": "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients",
        "description": "Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information."
      },
      "defaultValue": "537395200"
    },
    "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84": {
      "type": "String",
      "metadata": {
        "displayName": "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers",
        "description": "Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services."
      },
      "defaultValue": "537395200"
    },
    "effect-1221c620-d201-468c-81e7-2817e6107e84": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Network Security'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Windows machines that do not restrict the minimum password length to 14 characters",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "listOfImageIdToInclude_windows": {
      "type": "Array",
      "metadata": {
        "displayName": "Optional: List of VM images that have supported Windows OS to add to scope when auditing Log Analytics agent deployment",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
      },
      "defaultValue": []
    },
    "listOfImageIdToInclude_linux": {
      "type": "Array",
      "metadata": {
        "displayName": "Optional: List of VM images that have supported Linux OS to add to scope when auditing Log Analytics agent deployment",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
      },
      "defaultValue": []
    },
    "listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50": {
      "type": "Array",
      "metadata": {
        "displayName": "[Deprecated]: Optional: List of VM images that have supported Windows OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
        "deprecated": true
      },
      "defaultValue": []
    },
    "listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50": {
      "type": "Array",
      "metadata": {
        "displayName": "[Deprecated]: Optional: List of VM images that have supported Linux OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
        "deprecated": true
      },
      "defaultValue": []
    },
    "effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Linux machines that have accounts without passwords",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Storage accounts should restrict network access",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-404c3081-a854-4457-ae30-26a93ef643f9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Secure transfer to storage accounts should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-496223c3-ad65-4ecd-878a-bae78737e9ed": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the Web app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "JavaLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "Latest Java version for App Services",
        "description": "Latest supported Java version for App Services"
      },
      "defaultValue": "11"
    },
    "effect-4f11b553-d42e-4e3a-89be-32ca364cad4c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: A maximum of 3 owners should be designated for your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Subscriptions should have a contact email address for security issues",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
      "type": "Array",
      "metadata": {
        "displayName": "[Deprecated]: Optional: List of VM images that have supported Windows OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
        "deprecated": true
      },
      "defaultValue": []
    },
    "listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
      "type": "Array",
      "metadata": {
        "displayName": "[Deprecated]: Optional: List of VM images that have supported Linux OS to add to scope",
        "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'",
        "deprecated": true
      },
      "defaultValue": []
    },
    "effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: External accounts with write permissions should be removed from your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: External accounts with read permissions should be removed from your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Deprecated accounts should be removed from your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Function App should only be accessible over HTTPS",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-7008174a-fd10-4ef0-817e-fc820a951d73": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the Web app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "LinuxPythonLatestVersion": {
      "type": "String",
      "metadata": {
        "displayName": "Latest Python version for Linux for App Services",
        "description": "Latest supported Python version for App Services"
      },
      "defaultValue": "3.8"
    },
    "effect-7238174a-fd10-4ef0-817e-fc820a951d73": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the Function app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-7261b898-8a84-4db8-9e04-18527132abb3": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'PHP version' is the latest, if used as a part of the WEB app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Windows machines that allow re-use of the previous 24 passwords",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-74c3584d-afae-46f7-a20a-6f8adba71a16": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'Python version' is the latest, if used as a part of the API app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-760a85ff-6162-42b3-8d70-698e268f648c": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Effect for policy: Vulnerabilities should be remediated by a Vulnerability Assessment solution",
        "description": "For more information about effects, visit https://aka.ms/policyeffects",
        "deprecated": true
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    },
    "effect-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Windows machines that do not have the password complexity setting enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9": {
      "type": "Array",
      "metadata": {
        "displayName": "List of resource types that should have resource logs enabled",
        "strongType": "resourceTypes"
      },
      "allowedValues": [
        "Microsoft.AnalysisServices/servers",
        "Microsoft.ApiManagement/service",
        "Microsoft.Network/applicationGateways",
        "Microsoft.Automation/automationAccounts",
        "Microsoft.ContainerInstance/containerGroups",
        "Microsoft.ContainerRegistry/registries",
        "Microsoft.ContainerService/managedClusters",
        "Microsoft.Batch/batchAccounts",
        "Microsoft.Cdn/profiles/endpoints",
        "Microsoft.CognitiveServices/accounts",
        "Microsoft.DocumentDB/databaseAccounts",
        "Microsoft.DataFactory/factories",
        "Microsoft.DataLakeAnalytics/accounts",
        "Microsoft.DataLakeStore/accounts",
        "Microsoft.EventGrid/eventSubscriptions",
        "Microsoft.EventGrid/topics",
        "Microsoft.EventHub/namespaces",
        "Microsoft.Network/expressRouteCircuits",
        "Microsoft.Network/azureFirewalls",
        "Microsoft.HDInsight/clusters",
        "Microsoft.Devices/IotHubs",
        "Microsoft.KeyVault/vaults",
        "Microsoft.Network/loadBalancers",
        "Microsoft.Logic/integrationAccounts",
        "Microsoft.Logic/workflows",
        "Microsoft.DBforMySQL/servers",
        "Microsoft.Network/networkInterfaces",
        "Microsoft.Network/networkSecurityGroups",
        "Microsoft.DBforPostgreSQL/servers",
        "Microsoft.PowerBIDedicated/capacities",
        "Microsoft.Network/publicIPAddresses",
        "Microsoft.RecoveryServices/vaults",
        "Microsoft.Cache/redis",
        "Microsoft.Relay/namespaces",
        "Microsoft.Search/searchServices",
        "Microsoft.ServiceBus/namespaces",
        "Microsoft.SignalRService/SignalR",
        "Microsoft.Sql/servers/databases",
        "Microsoft.Sql/servers/elasticPools",
        "Microsoft.StreamAnalytics/streamingjobs",
        "Microsoft.TimeSeriesInsights/environments",
        "Microsoft.Network/trafficManagerProfiles",
        "Microsoft.Compute/virtualMachines",
        "Microsoft.Compute/virtualMachineScaleSets",
        "Microsoft.Network/virtualNetworks",
        "Microsoft.Network/virtualNetworkGateways"
      ],
      "defaultValue": [
        "Microsoft.AnalysisServices/servers",
        "Microsoft.ApiManagement/service",
        "Microsoft.Network/applicationGateways",
        "Microsoft.Automation/automationAccounts",
        "Microsoft.ContainerInstance/containerGroups",
        "Microsoft.ContainerRegistry/registries",
        "Microsoft.ContainerService/managedClusters",
        "Microsoft.Batch/batchAccounts",
        "Microsoft.Cdn/profiles/endpoints",
        "Microsoft.CognitiveServices/accounts",
        "Microsoft.DocumentDB/databaseAccounts",
        "Microsoft.DataFactory/factories",
        "Microsoft.DataLakeAnalytics/accounts",
        "Microsoft.DataLakeStore/accounts",
        "Microsoft.EventGrid/eventSubscriptions",
        "Microsoft.EventGrid/topics",
        "Microsoft.EventHub/namespaces",
        "Microsoft.Network/expressRouteCircuits",
        "Microsoft.Network/azureFirewalls",
        "Microsoft.HDInsight/clusters",
        "Microsoft.Devices/IotHubs",
        "Microsoft.KeyVault/vaults",
        "Microsoft.Network/loadBalancers",
        "Microsoft.Logic/integrationAccounts",
        "Microsoft.Logic/workflows",
        "Microsoft.DBforMySQL/servers",
        "Microsoft.Network/networkInterfaces",
        "Microsoft.Network/networkSecurityGroups",
        "Microsoft.DBforPostgreSQL/servers",
        "Microsoft.PowerBIDedicated/capacities",
        "Microsoft.Network/publicIPAddresses",
        "Microsoft.RecoveryServices/vaults",
        "Microsoft.Cache/redis",
        "Microsoft.Relay/namespaces",
        "Microsoft.Search/searchServices",
        "Microsoft.ServiceBus/namespaces",
        "Microsoft.SignalRService/SignalR",
        "Microsoft.Sql/servers/databases",
        "Microsoft.Sql/servers/elasticPools",
        "Microsoft.StreamAnalytics/streamingjobs",
        "Microsoft.TimeSeriesInsights/environments",
        "Microsoft.Network/trafficManagerProfiles",
        "Microsoft.Compute/virtualMachines",
        "Microsoft.Compute/virtualMachineScaleSets",
        "Microsoft.Network/virtualNetworks",
        "Microsoft.Network/virtualNetworkGateways"
      ]
    },
    "effect-86b3d65f-7626-441e-b690-81a8b71cff60": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: System updates should be installed on your machines",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-88999f4c-376a-45c8-bcb3-4058f713cf39": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the API app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the Web app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Latest TLS version should be used in your API App",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-da0f98fe-a24b-4ad5-af69-bd0400233661": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Windows machines that do not store passwords using reversible encryption",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-9297c21d-2ed6-4474-b48f-163f75654ce3": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: MFA should be enabled accounts with write permissions on your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-991310cd-e9f3-47bc-b7b6-f57b557d07db": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the API app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-9b597639-28e4-48eb-b506-56b05d366257": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Microsoft IaaSAntimalware extension should be deployed on Windows servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'Java version' is the latest, if used as a part of the Function app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-9daedab3-fb2d-461e-b861-71790eead4f6": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: All network ports should be restricted on network security groups associated to your virtual machine",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-a4af4a39-4135-47fb-b175-47fbdf85311d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Web Application should only be accessible over HTTPS",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Auditing on SQL server should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
      "type": "String",
      "metadata": {
        "displayName": "Required auditing setting for SQL servers"
      },
      "allowedValues": [
        "enabled",
        "disabled"
      ],
      "defaultValue": "enabled"
    },
    "effect-a70ca396-0a34-413a-88e1-b956c1e683be": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: The Log Analytics agent should be installed on virtual machines",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-aa633080-8b72-40c4-a2d7-d00c03e80bed": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: MFA should be enabled on accounts with owner permissions on your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Advanced data security should be enabled on your SQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Advanced data security should be enabled on SQL Managed Instance",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": {
      "type": "String",
      "metadata": {
        "displayName": "Minimum TLS version for Windows web servers",
        "description": "Windows web servers with lower TLS versions will be assessed as non-compliant"
      },
      "allowedValues": [
        "1.1",
        "1.2"
      ],
      "defaultValue": "1.2"
    },
    "effect-b4d66858-c922-44e3-9566-5cdb7a7be744": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Effect for policy: A security contact phone number should be provided for your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects",
        "deprecated": true
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    },
    "listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
      "type": "Array",
      "metadata": {
        "displayName": "[Deprecated]: List of regions where Network Watcher should be enabled",
        "description": "Audit if Network Watcher is not enabled for region(s).",
        "strongType": "location",
        "deprecated": true
      },
      "defaultValue": []
    },
    "resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": {
      "type": "String",
      "metadata": {
        "displayName": "Name of the resource group for Network Watcher",
        "description": "Name of the resource group of NetworkWatcher, such as NetworkWatcherRG. This is the resource group where the Network Watchers are located."
      },
      "defaultValue": "NetworkWatcherRG"
    },
    "effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: API App should only be accessible over HTTPS",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: System updates on virtual machine scale sets should be installed",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Remote debugging should be turned off for Web Applications",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerabilities in security configuration on your machines should be remediated",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e2c1c086-2d84-4019-bff3-c44ccd95113c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Ensure that 'HTTP Version' is the latest, if used to run the Function app",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e3576e28-8b17-4677-84c3-db2990658d64": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: MFA should be enabled on accounts with read permissions on your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerabilities in container security configurations should be remediated",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Remote debugging should be turned off for API Apps",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Deprecated accounts with owner permissions should be removed from your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Linux machines that allow remote connections from accounts without passwords",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-efbde977-ba53-4479-b8e9-10b957924fbf": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: The Log Analytics agent should be installed on Virtual Machine Scale Sets",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Latest TLS version should be used in your Web App",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e6955644-301c-44b5-a4c4-528577de6861": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit Linux machines that do not have the passwd file permissions set to 0644",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Internet-facing virtual machines should be protected with network security groups",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-f8456c1c-aa66-4dfb-861a-25d127b775c9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: External accounts with owner permissions should be removed from your subscription",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-f9d614c5-c173-4d56-95a7-b4437057d193": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Latest TLS version should be used in your Function App",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-fb893a29-21bb-418c-a157-e99480ec364c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-feedbf84-6b99-488c-acc2-71c829aa5ffc": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerabilities on your SQL databases should be remediated",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-3b980d31-7904-4bb7-8575-5665739a8052": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Security operations (Microsoft.Security/securitySolutions/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "operationName-3b980d31-7904-4bb7-8575-5665739a8052": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Operation Name",
        "description": "Security Operation name for which activity log alert should exist",
        "deprecated": true
      },
      "allowedValues": [
        "Microsoft.Security/policies/write",
        "Microsoft.Security/securitySolutions/write",
        "Microsoft.Security/securitySolutions/delete"
      ],
      "defaultValue": []
    },
    "effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Email notification for high severity alerts should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Resource logs in IoT Hub should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
      "type": "String",
      "metadata": {
        "displayName": "Required retention period (days) for IoT Hub resource logs"
      },
      "defaultValue": "365"
    },
    "effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Resource logs in App Services should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-12430be1-6cc8-4527-a9a8-e3d38f250096": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Web Application Firewall (WAF) should use the specified mode for Application Gateway",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096": {
      "type": "String",
      "metadata": {
        "displayName": "Mode Requirement",
        "description": "Mode required for all WAF policies"
      },
      "allowedValues": [
        "Prevention",
        "Detection"
      ],
      "defaultValue": "Detection"
    },
    "effect-425bea59-a659-4cbb-8d31-34499bd030b8": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8": {
      "type": "String",
      "metadata": {
        "displayName": "Mode Requirement",
        "description": "Mode required for all WAF policies"
      },
      "allowedValues": [
        "Prevention",
        "Detection"
      ],
      "defaultValue": "Detection"
    },
    "effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Web Application Firewall (WAF) should be enabled for Application Gateway",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Web Application Firewall (WAF) should be enabled for Azure Front Door Service",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-361c2074-3595-4e5d-8cab-4f21dffc835c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Deploy Advanced Threat Protection on Storage Accounts",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    },
    "effect-b5f04e03-92a3-4b09-9410-2cc5e5047656": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Deploy Advanced Threat Protection for Cosmos DB Accounts",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "DeployIfNotExists",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    },
    "effect-fc5e4038-4584-4632-8c85-c0448d374b2c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: All Internet traffic should be routed via your deployed Azure Firewall",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-013e242c-8828-4970-87b3-ab247555486d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Backup should be enabled for Virtual Machines",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-d38fc420-0735-4ef3-ac11-c806f651a570": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Long-term geo-redundant backup should be enabled for Azure SQL Databases",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-a1181c5f-672a-477a-979a-7d58aa086233": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Security Center standard pricing tier should be selected",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for Key Vault should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for App Service should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for servers should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-523b5cd1-3e23-492f-a539-13118b6d1e3a": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for Kubernetes should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-6581d072-105e-4418-827f-bd446d56421b": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for SQL servers on machines should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for Azure SQL Database servers should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Defender for container registries should be enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Management ports of virtual machines should be protected with just-in-time network access control",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-037eea7a-bd0a-46c5-9a66-03aea78705d3": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Cognitive Services accounts should restrict network access",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Public network access should be disabled for Cognitive Services accounts",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: CORS should not allow every resource to access your Function Apps",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-0fea8f8a-4169-495d-8307-30ec335f387d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: CORS should not allow every domain to access your API for FHIR",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "audit",
        "disabled"
      ],
      "defaultValue": "audit"
    },
    "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Effect for policy: SSH access from the Internet should be blocked",
        "description": "For more information about effects, visit https://aka.ms/policyeffects",
        "deprecated": true
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: CORS should not allow every resource to access your API App",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
      "type": "String",
      "metadata": {
        "displayName": "Network access: Remotely accessible registry paths",
        "description": "Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
      },
      "defaultValue": "System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"
    },
    "NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
      "type": "String",
      "metadata": {
        "displayName": "Network access: Remotely accessible registry paths and sub-paths",
        "description": "Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
      },
      "defaultValue": "System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"
    },
    "NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
      "type": "String",
      "metadata": {
        "displayName": "Network access: Shares that can be accessed anonymously",
        "description": "Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server."
      },
      "defaultValue": "0"
    },
    "effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - Network Access'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Storage account public access should be disallowed",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "audit",
        "deny",
        "disabled"
      ],
      "defaultValue": "audit"
    },
    "effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: CORS should not allow every resource to access your Web Applications",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Public network access should be disabled for PostgreSQL flexible servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Role-Based Access Control (RBAC) should be used on Kubernetes Services",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-b52376f7-9612-48a1-81cd-1ffe4b61032c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Public network access should be disabled for PostgreSQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-c9299215-ae47-4f50-9c54-8a392f68a052": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Public network access should be disabled for MySQL flexible servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Storage accounts should allow access from trusted Microsoft services",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-d0793b48-0edc-4296-a390-4c75d1bdfd71": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Container registries should not allow unrestricted network access",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-d9844e8a-1437-4aeb-a32c-0c992f056095": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Public network access should be disabled for MySQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-e372f825-a257-4fb8-9175-797a8a8627d6": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Effect for policy: RDP access from the Internet should be blocked",
        "description": "For more information about effects, visit https://aka.ms/policyeffects",
        "deprecated": true
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Public network access should be disabled for MariaDB servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Enforce SSL connection should be enabled for PostgreSQL database servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Enforce SSL connection should be enabled for MySQL database servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Kubernetes cluster pods should only use approved host network and port range",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "audit",
        "deny",
        "disabled"
      ],
      "defaultValue": "audit"
    },
    "excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe": {
      "type": "Array",
      "metadata": {
        "displayName": "Namespaces excluded from evaluation of policy: Kubernetes cluster pods should only use approved host network and port range",
        "description": "List of Kubernetes namespaces to exclude from policy evaluation."
      },
      "defaultValue": [
        "kube-system",
        "gatekeeper-system",
        "azure-arc"
      ]
    },
    "namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe": {
      "type": "Array",
      "metadata": {
        "displayName": "Allowed host paths for pod hostPath volumes to use",
        "description": "The host paths allowed for pod hostPath volumes to use. Provide an empty paths list to block all host paths."
      },
      "defaultValue": [
        "{\"paths\":[]}"
      ]
    },
    "allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe": {
      "type": "Boolean",
      "metadata": {
        "displayName": "Allow host network usage for Kubernetes cluster pods",
        "description": "Set this value to true if pod is allowed to use host network otherwise false."
      },
      "defaultValue": false
    },
    "minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe": {
      "type": "Integer",
      "metadata": {
        "displayName": "Minimum value in the allowable host port range that pods can use in the host network namespace",
        "description": "The minimum value in the allowable host port range that pods can use in the host network namespace."
      },
      "defaultValue": 0
    },
    "maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe": {
      "type": "Integer",
      "metadata": {
        "displayName": "Maximum value in the allowable host port range that pods can use in the host network namespace",
        "description": "The maximum value in the allowable host port range that pods can use in the host network namespace."
      },
      "defaultValue": 0
    },
    "effect-55615ac9-af46-4a59-874e-391cc3dfb490": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Firewall should be enabled on Key Vault",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463": {
      "type": "String",
      "metadata": {
        "displayName": "UAC: Admin Approval Mode for the Built-in Administrator account",
        "description": "Specifies the behavior of Admin Approval Mode for the built-in Administrator account."
      },
      "defaultValue": "1"
    },
    "UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463": {
      "type": "String",
      "metadata": {
        "displayName": "UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode",
        "description": "Specifies the behavior of the elevation prompt for administrators."
      },
      "defaultValue": "2"
    },
    "UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463": {
      "type": "String",
      "metadata": {
        "displayName": "UAC: Detect application installations and prompt for elevation",
        "description": "Specifies the behavior of application installation detection for the computer."
      },
      "defaultValue": "1"
    },
    "UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463": {
      "type": "String",
      "metadata": {
        "displayName": "UAC: Run all administrators in Admin Approval Mode",
        "description": "Specifies the behavior of all User Account Control (UAC) policy settings for the computer."
      },
      "defaultValue": "1"
    },
    "effect-492a29ed-d143-4f03-b6a4-705ce081b463": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Windows machines should meet requirements for 'Security Options - User Account Control'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may log on locally",
        "description": "Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."
      },
      "defaultValue": "Administrators, Authenticated Users"
    },
    "UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may log on locally",
        "description": "Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right."
      },
      "defaultValue": "Administrators"
    },
    "UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Remote Desktop Users",
        "description": "Users or groups that may log on through Remote Desktop Services"
      },
      "defaultValue": "Administrators"
    },
    "UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that are denied access to this computer from the network",
        "description": "Specifies which users or groups are explicitly prohibited from connecting to the computer across the network."
      },
      "defaultValue": "Guests"
    },
    "UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may manage auditing and security log",
        "description": "Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log."
      },
      "defaultValue": "Administrators"
    },
    "UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may back up files and directories",
        "description": "Specifies users and groups allowed to circumvent file and directory permissions to back up the system."
      },
      "defaultValue": "Administrators, Backup Operators"
    },
    "UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may change the system time",
        "description": "Specifies which users and groups are permitted to change the time and date on the internal clock of the computer."
      },
      "defaultValue": "Administrators, LOCAL SERVICE"
    },
    "UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may change the time zone",
        "description": "Specifies which users and groups are permitted to change the time zone of the computer."
      },
      "defaultValue": "Administrators, LOCAL SERVICE"
    },
    "UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may create a token object",
        "description": "Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data."
      },
      "defaultValue": "No One"
    },
    "UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that are denied logging on as a batch job",
        "description": "Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. scheduled task)."
      },
      "defaultValue": "Guests"
    },
    "UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that are denied logging on as a service",
        "description": "Specifies which service accounts are explicitly not permitted to register a process as a service."
      },
      "defaultValue": "Guests"
    },
    "UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that are denied local logon",
        "description": "Specifies which users and groups are explicitly not permitted to log on to the computer."
      },
      "defaultValue": "Guests"
    },
    "UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that are denied log on through Remote Desktop Services",
        "description": "Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client."
      },
      "defaultValue": "Guests"
    },
    "UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "User and groups that may force shutdown from a remote system",
        "description": "Specifies which users and groups are permitted to shut down the computer from a remote location on the network."
      },
      "defaultValue": "Administrators"
    },
    "UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that may restore files and directories",
        "description": "Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories."
      },
      "defaultValue": "Administrators, Backup Operators"
    },
    "UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users and groups that may shut down the system",
        "description": "Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command."
      },
      "defaultValue": "Administrators"
    },
    "UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Users or groups that may take ownership of files or other objects",
        "description": "Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user."
      },
      "defaultValue": "Administrators"
    },
    "effect-e068b215-0026-4354-b347-8fb2766f73a2": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Windows machines should meet requirements for 'User Rights Assignment'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-87845465-c458-45f3-af66-dcd62176f397": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Privilege Use'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Audit usage of custom RBAC rules",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-b954148f-4c11-4c38-8221-be76711e194a": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Effect for policy: An activity log alert should exist for specific Administrative operations",
        "description": "For more information about effects, visit https://aka.ms/policyeffects",
        "deprecated": true
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    },
    "operationName-b954148f-4c11-4c38-8221-be76711e194a": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Operation Name",
        "description": "Administrative Operation name for which activity log alert should be configured",
        "deprecated": true
      },
      "allowedValues": [
        "Microsoft.Sql/servers/firewallRules/write",
        "Microsoft.Sql/servers/firewallRules/delete",
        "Microsoft.Network/networkSecurityGroups/write",
        "Microsoft.Network/networkSecurityGroups/delete",
        "Microsoft.ClassicNetwork/networkSecurityGroups/write",
        "Microsoft.ClassicNetwork/networkSecurityGroups/delete",
        "Microsoft.Network/networkSecurityGroups/securityRules/write",
        "Microsoft.Network/networkSecurityGroups/securityRules/delete",
        "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
        "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
      ],
      "defaultValue": []
    },
    "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Sql/servers/firewallRules/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.Network/networkSecurityGroups/securityRules/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-ae89ebca-1c92-4898-ac2c-9f63decb045c": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Virtual machines should have the Guest Configuration extension",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Guest Configuration extension should be deployed to Azure virtual machines with system assigned managed identity",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-7796937f-307b-4598-941c-67d3a05ebfe7": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure subscriptions should have a log profile for Activity Log",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An activity log alert should exist for specific Policy operations (Microsoft.Authorization/policyAssignments/delete)",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Operation Name",
        "description": "Policy Operation name for which activity log alert should exist",
        "deprecated": true
      },
      "allowedValues": [
        "Microsoft.Authorization/policyAssignments/write",
        "Microsoft.Authorization/policyAssignments/delete"
      ],
      "defaultValue": []
    },
    "effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Monitor should collect activity logs from all regions",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-b02aacc0-b073-424e-8298-42b22829ee0a": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Activity log should be retained for at least one year",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "TimeZone-c633f6a2-7f8b-4d9e-9456-02f0f04f5505": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Time zone",
        "description": "The expected time zone",
        "deprecated": true
      },
      "allowedValues": [],
      "defaultValue": []
    },
    "effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-0ec47710-77ff-4a3d-9181-6aa50af424d0": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for MariaDB",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-48af4db5-9b8b-401c-8e74-076be876a430": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for PostgreSQL",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-82339799-d096-41ae-8538-b108becf0970": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Geo-redundant backup should be enabled for Azure Database for MySQL",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerability assessment should be enabled on SQL Managed Instance",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: A vulnerability assessment solution should be enabled on your virtual machines",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-5f0f936f-2f01-4bf5-b6be-d423792fa562": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerabilities in Azure Container Registry images should be remediated",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Vulnerability assessment should be enabled on your SQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-bb91dfba-c30d-4263-9add-9c2384e659a6": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Non-internet-facing virtual machines should be protected with network security groups",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-e71308d3-144b-4262-b144-efdc3cc90517": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Subnets should be associated with a Network Security Group",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
      "type": "Array",
      "metadata": {
        "displayName": "Allowed key types",
        "description": "The list of allowed key types"
      },
      "allowedValues": [
        "RSA",
        "RSA-HSM",
        "EC",
        "EC-HSM"
      ],
      "defaultValue": [
        "RSA",
        "RSA-HSM",
        "EC",
        "EC-HSM"
      ]
    },
    "effect-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Keys should be the specified cryptographic type RSA or EC",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9": {
      "type": "Integer",
      "metadata": {
        "displayName": "Minimum RSA key size for keys",
        "description": "The minimum key size for RSA keys."
      },
      "allowedValues": [
        2048,
        3072,
        4096
      ],
      "defaultValue": 2048
    },
    "effect-82067dbb-e53b-4e06-b631-546d197452d9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Keys using RSA cryptography should have a specified minimum key size",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0": {
      "type": "Integer",
      "metadata": {
        "displayName": "Minimum RSA key size certificates",
        "description": "The minimum key size for RSA certificates."
      },
      "allowedValues": [
        2048,
        3072,
        4096
      ],
      "defaultValue": 2048
    },
    "effect-cee51871-e572-4576-855c-047c820360f0": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Certificates using RSA cryptography should have the specified minimum key size",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "audit",
        "deny",
        "disabled"
      ],
      "defaultValue": "audit"
    },
    "allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
      "type": "Array",
      "metadata": {
        "displayName": "Allowed elliptic curve names",
        "description": "The list of allowed curve names for elliptic curve cryptography certificates."
      },
      "allowedValues": [
        "P-256",
        "P-256K",
        "P-384",
        "P-521"
      ],
      "defaultValue": [
        "P-256",
        "P-256K",
        "P-384",
        "P-521"
      ]
    },
    "effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Keys using elliptic curve cryptography should have the specified curve names",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-24fba194-95d6-48c0-aea7-f65bf859c598": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7": {
      "type": "String",
      "metadata": {
        "displayName": "[Deprecated]: Effect for policy: Cognitive Services accounts should enable data encryption",
        "description": "For more information about effects, visit https://aka.ms/policyeffects",
        "deprecated": true
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    },
    "effect-3a58212a-c829-4f13-9872-6371df2fd0b4": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Infrastructure encryption should be enabled for Azure Database for MySQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Storage accounts should have infrastructure encryption",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Cognitive Services accounts should enable data encryption with customer-managed key",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-6fac406b-40ca-413b-bf8e-0bf964659c25": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Storage account should use customer-managed key for encryption",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-81e74cea-30fd-40d5-802f-d72103c2aaaa": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Data Explorer encryption at rest should use a customer-managed key",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-c349d81b-9985-44ae-a8da-ff98d108ede8": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Data Box jobs should enable double encryption for data at rest on the device",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8": {
      "type": "Array",
      "metadata": {
        "displayName": "Azure Data Box SKUs that support software-based double encryption",
        "description": "The list of Azure Data Box SKUs that support software-based double encryption"
      },
      "allowedValues": [
        "DataBox",
        "DataBoxHeavy"
      ],
      "defaultValue": [
        "DataBox",
        "DataBoxHeavy"
      ]
    },
    "effect-f4b53539-8df9-40e4-86c6-6b607703bd4e": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Disk encryption should be enabled on Azure Data Explorer",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Double encryption should be enabled on Azure Data Explorer",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-048248b0-55cd-46da-b1ff-39efd52db260": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: SQL managed instances should use customer-managed keys to encrypt data at rest",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-051cba44-2429-45b9-9649-46cec11c7119": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure API for FHIR should use a customer-managed key to encrypt data at rest",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "audit",
        "disabled"
      ],
      "defaultValue": "audit"
    },
    "effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: SQL servers should use customer-managed keys to encrypt data at rest",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Unattached disks should be encrypted",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-3657f5a0-770e-44a3-b44e-9431ba1e9735": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Automation account variables should be encrypted",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Container registries should be encrypted with a customer-managed key",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-617c02be-7f02-4efd-8836-3180d47b6c68": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Stream Analytics jobs should use customer-managed keys to encrypt data",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "audit",
        "deny",
        "disabled"
      ],
      "defaultValue": "audit"
    },
    "effect-f7d52b2d-e161-4dfa-a82b-55e564167385": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Azure Synapse workspaces should use customer-managed keys to encrypt data at rest",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Microsoft Antimalware for Azure should be configured to automatically update protection signatures",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Keys should have expiration dates set",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Key vault should have purge protection enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Key vault should have soft delete enabled",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "Audit",
        "Deny",
        "Disabled"
      ],
      "defaultValue": "Audit"
    },
    "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: An Azure Active Directory administrator should be provisioned for SQL servers",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-123a3936-f020-408a-ba0c-47873faf1534": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Allowlist rules in your adaptive application control policy should be updated",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Linux machines should meet requirements for the Azure compute security baseline",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    },
    "AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
      "type": "String",
      "metadata": {
        "displayName": "Audit Authentication Policy Change",
        "description": "Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups."
      },
      "allowedValues": [
        "No Auditing",
        "Success",
        "Failure",
        "Success and Failure"
      ],
      "defaultValue": "Success"
    },
    "AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
      "type": "String",
      "metadata": {
        "displayName": "Audit Authorization Policy Change",
        "description": "Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects."
      },
      "allowedValues": [
        "No Auditing",
        "Success",
        "Failure",
        "Success and Failure"
      ],
      "defaultValue": "No Auditing"
    },
    "effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
      "type": "String",
      "metadata": {
        "displayName": "Effect for policy: Windows machines should meet requirements for 'System Audit Policies - Policy Change'",
        "description": "For more information about effects, visit https://aka.ms/policyeffects"
      },
      "allowedValues": [
        "AuditIfNotExists",
        "Disabled"
      ],
      "defaultValue": "AuditIfNotExists"
    }
  },
  "policyDefinitions": [
    {
      "policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "MembersToExclude": {
          "value": "[parameters('MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.017",
        "CMMC_L3_SC.3.181"
      ]
    },
    {
      "policyDefinitionReferenceId": "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "MembersToInclude": {
          "value": "[parameters('MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.017"
      ]
    },
    {
      "policyDefinitionReferenceId": "f47b5582-33ec-4c5c-87c0-b010a6b2e917",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917",
      "parameters": {
        "logAnalyticsWorkspaceId": {
          "value": "[parameters('logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.003",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.1.176",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.017",
        "CMMC_L3_SC.3.181"
      ]
    },
    {
      "policyDefinitionReferenceId": "0961003e-5a0a-4549-abde-af6a37f2724d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0961003e-5a0a-4549-abde-af6a37f2724d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "0b15565f-aa9e-48ba-8619-45960f2c314d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0b15565f-aa9e-48ba-8619-45960f2c314d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.092",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "0e60b895-3786-45da-8377-9c6b4b6ac5f9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_CM.3.068"
      ]
    },
    {
      "policyDefinitionReferenceId": "17k78e20-9358-41c9-923c-fb736d382a12",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-17k78e20-9358-41c9-923c-fb736d382a12')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba')]"
        },
        "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "22bee202-a82f-4305-9a2a-6d7f44d4dedb",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185"
      ]
    },
    {
      "policyDefinitionReferenceId": "3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.2.078",
        "CMMC_L3_IA.2.079",
        "CMMC_L3_IA.2.081"
      ]
    },
    {
      "policyDefinitionReferenceId": "497dff13-db2a-4c0f-8603-28fa3b331ab6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.2.078",
        "CMMC_L3_IA.2.079",
        "CMMC_L3_IA.2.081"
      ]
    },
    {
      "policyDefinitionReferenceId": "385f5831-96d4-41db-9a3c-cd3af78aaae6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.2.078",
        "CMMC_L3_IA.2.079",
        "CMMC_L3_IA.2.081"
      ]
    },
    {
      "policyDefinitionReferenceId": "1221c620-d201-468c-81e7-2817e6107e84",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "NetworkSecurityConfigureEncryptionTypesAllowedForKerberos": {
          "value": "[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84')]"
        },
        "NetworkSecurityLANManagerAuthenticationLevel": {
          "value": "[parameters('NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84')]"
        },
        "NetworkSecurityLDAPClientSigningRequirements": {
          "value": "[parameters('NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84')]"
        },
        "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients": {
          "value": "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84')]"
        },
        "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers": {
          "value": "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84')]"
        },
        "effect": {
          "value": "[parameters('effect-1221c620-d201-468c-81e7-2817e6107e84')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.2.078",
        "CMMC_L3_IA.2.079",
        "CMMC_L3_IA.2.081",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-a2d0e922-65d0-40c4-8f87-ea6da2d307a2')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.2.078"
      ]
    },
    {
      "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_SI.1.211"
      ]
    },
    {
      "policyDefinitionReferenceId": "32133ab0-ee4b-4b44-98d6-042180979d50",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50",
      "parameters": {
        "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
        },
        "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.2.078"
      ]
    },
    {
      "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-34c877ad-507e-4c82-993e-3452a6e0ad3c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.1.176",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RM.2.143",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-404c3081-a854-4457-ae30-26a93ef643f9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185"
      ]
    },
    {
      "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_CM.2.061",
        "CMMC_L3_CM.2.063",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_CM.3.069"
      ]
    },
    {
      "policyDefinitionReferenceId": "496223c3-ad65-4ecd-878a-bae78737e9ed",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/496223c3-ad65-4ecd-878a-bae78737e9ed",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-496223c3-ad65-4ecd-878a-bae78737e9ed')]"
        },
        "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-4f11b553-d42e-4e3a-89be-32ca364cad4c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.017",
        "CMMC_L3_SC.3.181"
      ]
    },
    {
      "policyDefinitionReferenceId": "4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.092",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
      "parameters": {
        "listOfImageIdToInclude_windows": {
          "value": "[parameters('listOfImageIdToInclude_windows')]"
        },
        "listOfImageIdToInclude_linux": {
          "value": "[parameters('listOfImageIdToInclude_linux')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "5c607a2e-c700-4744-8254-d77e7c9eb5e4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.007"
      ]
    },
    {
      "policyDefinitionReferenceId": "5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.007"
      ]
    },
    {
      "policyDefinitionReferenceId": "6b1cbf55-e8b6-442f-ba4c-7246b6381474",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001"
      ]
    },
    {
      "policyDefinitionReferenceId": "6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "7008174a-fd10-4ef0-817e-fc820a951d73",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-7008174a-fd10-4ef0-817e-fc820a951d73')]"
        },
        "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "7238174a-fd10-4ef0-817e-fc820a951d73",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-7238174a-fd10-4ef0-817e-fc820a951d73')]"
        },
        "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "7261b898-8a84-4db8-9e04-18527132abb3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7261b898-8a84-4db8-9e04-18527132abb3",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-7261b898-8a84-4db8-9e04-18527132abb3')]"
        },
        "PHPLatestVersion": {
          "value": "[parameters('PHPLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "5b054a0d-39e2-4d53-bea3-9734cad2c69b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-5b054a0d-39e2-4d53-bea3-9734cad2c69b')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.2.079"
      ]
    },
    {
      "policyDefinitionReferenceId": "74c3584d-afae-46f7-a20a-6f8adba71a16",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74c3584d-afae-46f7-a20a-6f8adba71a16",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-74c3584d-afae-46f7-a20a-6f8adba71a16')]"
        },
        "LinuxPythonLatestVersion": {
          "value": "[parameters('LinuxPythonLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "bf16e0bb-31e1-4646-8202-60a235cc7e74",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-bf16e0bb-31e1-4646-8202-60a235cc7e74')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.2.078"
      ]
    },
    {
      "policyDefinitionReferenceId": "7f89b1eb-583c-429a-8828-af049802c1d9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
      "parameters": {
        "listOfResourceTypes": {
          "value": "[parameters('listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_AU.3.048",
        "CMMC_L3_AU.3.049"
      ]
    },
    {
      "policyDefinitionReferenceId": "86b3d65f-7626-441e-b690-81a8b71cff60",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-86b3d65f-7626-441e-b690-81a8b71cff60')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "88999f4c-376a-45c8-bcb3-4058f713cf39",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88999f4c-376a-45c8-bcb3-4058f713cf39",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-88999f4c-376a-45c8-bcb3-4058f713cf39')]"
        },
        "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "8c122334-9d20-4eb8-89ea-ac9a705b74ae",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "da0f98fe-a24b-4ad5-af69-bd0400233661",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-da0f98fe-a24b-4ad5-af69-bd0400233661')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.2.081",
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "9297c21d-2ed6-4474-b48f-163f75654ce3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-9297c21d-2ed6-4474-b48f-163f75654ce3')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.3.083",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "991310cd-e9f3-47bc-b7b6-f57b557d07db",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/991310cd-e9f3-47bc-b7b6-f57b557d07db",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-991310cd-e9f3-47bc-b7b6-f57b557d07db')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "9b597639-28e4-48eb-b506-56b05d366257",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-9b597639-28e4-48eb-b506-56b05d366257')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.211",
        "CMMC_L3_SI.1.213"
      ]
    },
    {
      "policyDefinitionReferenceId": "9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc')]"
        },
        "JavaLatestVersion": {
          "value": "[parameters('JavaLatestVersion')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "9daedab3-fb2d-461e-b861-71790eead4f6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-9daedab3-fb2d-461e-b861-71790eead4f6')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.064",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.1.176",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "a4af4a39-4135-47fb-b175-47fbdf85311d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-a4af4a39-4135-47fb-b175-47fbdf85311d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
        },
        "setting": {
          "value": "[parameters('setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161"
      ]
    },
    {
      "policyDefinitionReferenceId": "a70ca396-0a34-413a-88e1-b956c1e683be",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-a70ca396-0a34-413a-88e1-b956c1e683be')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "aa633080-8b72-40c4-a2d7-d00c03e80bed",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-aa633080-8b72-40c4-a2d7-d00c03e80bed')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.3.083",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_CM.2.064",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_SC.3.191",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.046",
        "CMMC_L3_CM.2.064",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_SC.3.191",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SI.1.211",
        "CMMC_L3_SI.1.213"
      ]
    },
    {
      "policyDefinitionReferenceId": "5752e6d6-1206-46d8-8ab1-ecc2f71a8112",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "MinimumTLSVersion": {
          "value": "[parameters('MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6",
      "parameters": {
        "resourceGroupName": {
          "value": "[parameters('resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.2.013",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "b7ddfbdc-1260-477d-91fd-98bd9be789a6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_CM.3.068"
      ]
    },
    {
      "policyDefinitionReferenceId": "e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RM.2.143",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "e2c1c086-2d84-4019-bff3-c44ccd95113c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e2c1c086-2d84-4019-bff3-c44ccd95113c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "e3576e28-8b17-4677-84c3-db2990658d64",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e3576e28-8b17-4677-84c3-db2990658d64')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.1.077",
        "CMMC_L3_IA.3.083",
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RM.2.143"
      ]
    },
    {
      "policyDefinitionReferenceId": "e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_CM.3.068"
      ]
    },
    {
      "policyDefinitionReferenceId": "ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_SC.3.181"
      ]
    },
    {
      "policyDefinitionReferenceId": "ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.013"
      ]
    },
    {
      "policyDefinitionReferenceId": "efbde977-ba53-4479-b8e9-10b957924fbf",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-efbde977-ba53-4479-b8e9-10b957924fbf')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "e6955644-301c-44b5-a4c4-528577de6861",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-e6955644-301c-44b5-a4c4-528577de6861')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.1.077"
      ]
    },
    {
      "policyDefinitionReferenceId": "f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.003",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.1.176",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "f8456c1c-aa66-4dfb-861a-25d127b775c9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-f8456c1c-aa66-4dfb-861a-25d127b775c9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_SC.3.181"
      ]
    },
    {
      "policyDefinitionReferenceId": "f9d614c5-c173-4d56-95a7-b4437057d193",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-f9d614c5-c173-4d56-95a7-b4437057d193')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IA.3.084",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "fb893a29-21bb-418c-a157-e99480ec364c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-fb893a29-21bb-418c-a157-e99480ec364c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RM.2.143",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "feedbf84-6b99-488c-acc2-71c829aa5ffc",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-feedbf84-6b99-488c-acc2-71c829aa5ffc')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RM.2.143",
        "CMMC_L3_SI.1.210"
      ]
    },
    {
      "policyDefinitionReferenceId": "3b980d31-7904-4bb7-8575-5665739a8052",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052')]"
        },
        "operationName": {
          "value": "Microsoft.Security/securitySolutions/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.021",
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "6e2593d9-add6-4083-9c9b-4b7d2188c899",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-6e2593d9-add6-4083-9c9b-4b7d2188c899')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.092",
        "CMMC_L3_IR.2.093"
      ]
    },
    {
      "policyDefinitionReferenceId": "c251913d-7d24-4958-af87-478ed3b9ba41",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
        },
        "requiredRetentionDays": {
          "value": "[parameters('requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.3.048"
      ]
    },
    {
      "policyDefinitionReferenceId": "12430be1-6cc8-4527-a9a8-e3d38f250096",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-12430be1-6cc8-4527-a9a8-e3d38f250096')]"
        },
        "modeRequirement": {
          "value": "[parameters('modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "425bea59-a659-4cbb-8d31-34499bd030b8",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-425bea59-a659-4cbb-8d31-34499bd030b8')]"
        },
        "modeRequirement": {
          "value": "[parameters('modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "055aa869-bc98-4af8-bafc-23f1ab6ffe2c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "361c2074-3595-4e5d-8cab-4f21dffc835c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-361c2074-3595-4e5d-8cab-4f21dffc835c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093"
      ]
    },
    {
      "policyDefinitionReferenceId": "b5f04e03-92a3-4b09-9410-2cc5e5047656",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b5f04e03-92a3-4b09-9410-2cc5e5047656",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b5f04e03-92a3-4b09-9410-2cc5e5047656')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093"
      ]
    },
    {
      "policyDefinitionReferenceId": "fc5e4038-4584-4632-8c85-c0448d374b2c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-fc5e4038-4584-4632-8c85-c0448d374b2c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.003",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "013e242c-8828-4970-87b3-ab247555486d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-013e242c-8828-4970-87b3-ab247555486d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RE.2.137",
        "CMMC_L3_RE.3.139"
      ]
    },
    {
      "policyDefinitionReferenceId": "d38fc420-0735-4ef3-ac11-c806f651a570",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-d38fc420-0735-4ef3-ac11-c806f651a570')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RE.2.137",
        "CMMC_L3_RE.3.139"
      ]
    },
    {
      "policyDefinitionReferenceId": "0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_RE.2.137",
        "CMMC_L3_RE.3.139"
      ]
    },
    {
      "policyDefinitionReferenceId": "a1181c5f-672a-477a-979a-7d58aa086233",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-a1181c5f-672a-477a-979a-7d58aa086233')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_CM.2.063",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144"
      ]
    },
    {
      "policyDefinitionReferenceId": "0e6763cc-5078-4e64-889d-ff4d9a839047",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0e6763cc-5078-4e64-889d-ff4d9a839047')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SC.3.187",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "2913021d-f2fd-4f3d-b958-22354e2bdbcb",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "4da35fc9-c9e7-4960-aec9-797fe7d9051d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "523b5cd1-3e23-492f-a539-13118b6d1e3a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/523b5cd1-3e23-492f-a539-13118b6d1e3a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-523b5cd1-3e23-492f-a539-13118b6d1e3a')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "6581d072-105e-4418-827f-bd446d56421b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-6581d072-105e-4418-827f-bd446d56421b')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "c25d9a16-bc35-4e15-a7e5-9db606bf9ed4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c25d9a16-bc35-4e15-a7e5-9db606bf9ed4",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.093",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144",
        "CMMC_L3_SI.1.213",
        "CMMC_L3_SI.2.216"
      ]
    },
    {
      "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.007",
        "CMMC_L3_AC.2.013",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.2.179",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "037eea7a-bd0a-46c5-9a66-03aea78705d3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-037eea7a-bd0a-46c5-9a66-03aea78705d3')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "0725b4dd-7e76-479c-a735-68e7ee23d5ca",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0725b4dd-7e76-479c-a735-68e7ee23d5ca",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "0820b7b9-23aa-4725-a1ce-ae4558f718e5",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "0fea8f8a-4169-495d-8307-30ec335f387d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0fea8f8a-4169-495d-8307-30ec335f387d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "1b8ca024-1d5c-4dec-8995-b1a932b41780",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/358c20a6-3f9e-4f0e-97ff-c6ce485e2aac",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "NetworkAccessRemotelyAccessibleRegistryPaths": {
          "value": "[parameters('NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
        },
        "NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths": {
          "value": "[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
        },
        "NetworkAccessSharesThatCanBeAccessedAnonymously": {
          "value": "[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
        },
        "effect": {
          "value": "[parameters('effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac4a19c2-fa67-49b4-8ae5-0b2e78c49457",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.007",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.2.062"
      ]
    },
    {
      "policyDefinitionReferenceId": "b52376f7-9612-48a1-81cd-1ffe4b61032c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b52376f7-9612-48a1-81cd-1ffe4b61032c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "c9299215-ae47-4f50-9c54-8a392f68a052",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c9299215-ae47-4f50-9c54-8a392f68a052')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "c9d007d0-c057-4772-b18c-01e546713bcd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c9d007d0-c057-4772-b18c-01e546713bcd')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "d0793b48-0edc-4296-a390-4c75d1bdfd71",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d0793b48-0edc-4296-a390-4c75d1bdfd71",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-d0793b48-0edc-4296-a390-4c75d1bdfd71')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "d9844e8a-1437-4aeb-a32c-0c992f056095",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-d9844e8a-1437-4aeb-a32c-0c992f056095')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_AC.2.016",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "d158790f-bfb0-486c-8631-2dc6b4e8e6af",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e802a67a-daf5-4436-9ea6-f6d821dd0c5d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.002",
        "CMMC_L3_SC.3.185",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "82985f06-dc18-4a48-bc1c-b9f4f0098cfe",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82985f06-dc18-4a48-bc1c-b9f4f0098cfe",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe')]"
        },
        "excludedNamespaces": {
          "value": "[parameters('excludedNamespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe')]"
        },
        "namespaces": {
          "value": "[parameters('namespaces-82985f06-dc18-4a48-bc1c-b9f4f0098cfe')]"
        },
        "allowHostNetwork": {
          "value": "[parameters('allowHostNetwork-82985f06-dc18-4a48-bc1c-b9f4f0098cfe')]"
        },
        "minPort": {
          "value": "[parameters('minPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe')]"
        },
        "maxPort": {
          "value": "[parameters('maxPort-82985f06-dc18-4a48-bc1c-b9f4f0098cfe')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "55615ac9-af46-4a59-874e-391cc3dfb490",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-55615ac9-af46-4a59-874e-391cc3dfb490')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.1.001",
        "CMMC_L3_AC.1.002",
        "CMMC_L3_CM.2.064",
        "CMMC_L3_IR.2.093",
        "CMMC_L3_SC.3.183",
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "492a29ed-d143-4f03-b6a4-705ce081b463",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "UACAdminApprovalModeForTheBuiltinAdministratorAccount": {
          "value": "[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463')]"
        },
        "UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode": {
          "value": "[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463')]"
        },
        "UACDetectApplicationInstallationsAndPromptForElevation": {
          "value": "[parameters('UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463')]"
        },
        "UACRunAllAdministratorsInAdminApprovalMode": {
          "value": "[parameters('UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463')]"
        },
        "effect": {
          "value": "[parameters('effect-492a29ed-d143-4f03-b6a4-705ce081b463')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.2.008",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_CM.2.063"
      ]
    },
    {
      "policyDefinitionReferenceId": "e068b215-0026-4354-b347-8fb2766f73a2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "UsersOrGroupsThatMayAccessThisComputerFromTheNetwork": {
          "value": "[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayLogOnLocally": {
          "value": "[parameters('UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices": {
          "value": "[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayManageAuditingAndSecurityLog": {
          "value": "[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayBackUpFilesAndDirectories": {
          "value": "[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayChangeTheSystemTime": {
          "value": "[parameters('UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayChangeTheTimeZone": {
          "value": "[parameters('UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayCreateATokenObject": {
          "value": "[parameters('UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatAreDeniedLoggingOnAsAService": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatAreDeniedLocalLogon": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UserAndGroupsThatMayForceShutdownFromARemoteSystem": {
          "value": "[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatMayRestoreFilesAndDirectories": {
          "value": "[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersAndGroupsThatMayShutDownTheSystem": {
          "value": "[parameters('UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects": {
          "value": "[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2')]"
        },
        "effect": {
          "value": "[parameters('effect-e068b215-0026-4354-b347-8fb2766f73a2')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.2.008",
        "CMMC_L3_AC.3.021"
      ]
    },
    {
      "policyDefinitionReferenceId": "87845465-c458-45f3-af66-dcd62176f397",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-87845465-c458-45f3-af66-dcd62176f397')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018",
        "CMMC_L3_CM.2.062"
      ]
    },
    {
      "policyDefinitionReferenceId": "a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018"
      ]
    },
    {
      "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete')]"
        },
        "operationName": {
          "value": "Microsoft.Sql/servers/firewallRules/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-1",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete')]"
        },
        "operationName": {
          "value": "Microsoft.Network/networkSecurityGroups/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete')]"
        },
        "operationName": {
          "value": "Microsoft.ClassicNetwork/networkSecurityGroups/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-3",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete')]"
        },
        "operationName": {
          "value": "Microsoft.Network/networkSecurityGroups/securityRules/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a-4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete')]"
        },
        "operationName": {
          "value": "Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.018",
        "CMMC_L3_AC.3.021",
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "331e8ea8-378a-410f-a2e5-ae22f38bb0da",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_AC.3.021"
      ]
    },
    {
      "policyDefinitionReferenceId": "ae89ebca-1c92-4898-ac2c-9f63decb045c",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-ae89ebca-1c92-4898-ac2c-9f63decb045c')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.021"
      ]
    },
    {
      "policyDefinitionReferenceId": "d26f7642-7545-4e18-9b75-8c9bbdee3a9a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AC.3.021"
      ]
    },
    {
      "policyDefinitionReferenceId": "1a4e592a-6a6e-44a5-9814-e36264ca96e7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "7796937f-307b-4598-941c-67d3a05ebfe7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-7796937f-307b-4598-941c-67d3a05ebfe7')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "c5447c04-a4d7-4ba8-a263-c9ee321a6858",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
        },
        "operationName": {
          "value": "Microsoft.Authorization/policyAssignments/delete"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_AU.3.049",
        "CMMC_L3_CM.2.061",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.041",
        "CMMC_L3_AU.2.042",
        "CMMC_L3_CM.2.065",
        "CMMC_L3_SI.2.216",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "b02aacc0-b073-424e-8298-42b22829ee0a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-b02aacc0-b073-424e-8298-42b22829ee0a')]"
        }
      },
      "groupNames": [
        "CMMC_L3_AU.2.042",
        "CMMC_L3_SI.2.217"
      ]
    },
    {
      "policyDefinitionReferenceId": "057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_IR.2.092",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143",
        "CMMC_L3_RM.3.144"
      ]
    },
    {
      "policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0ec47710-77ff-4a3d-9181-6aa50af424d0')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RE.2.137",
        "CMMC_L3_RE.3.139"
      ]
    },
    {
      "policyDefinitionReferenceId": "48af4db5-9b8b-401c-8e74-076be876a430",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-48af4db5-9b8b-401c-8e74-076be876a430')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RE.2.137",
        "CMMC_L3_RE.3.139"
      ]
    },
    {
      "policyDefinitionReferenceId": "82339799-d096-41ae-8538-b108becf0970",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-82339799-d096-41ae-8538-b108becf0970')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RE.2.137",
        "CMMC_L3_RE.3.139"
      ]
    },
    {
      "policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143"
      ]
    },
    {
      "policyDefinitionReferenceId": "501541f7-f7e7-4cd6-868c-4190fdad3ac9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143"
      ]
    },
    {
      "policyDefinitionReferenceId": "5f0f936f-2f01-4bf5-b6be-d423792fa562",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f0f936f-2f01-4bf5-b6be-d423792fa562",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-5f0f936f-2f01-4bf5-b6be-d423792fa562')]"
        }
      },
      "groupNames": [
        "CMMC_L3_RM.2.143"
      ]
    },
    {
      "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_RM.2.141",
        "CMMC_L3_RM.2.142",
        "CMMC_L3_RM.2.143"
      ]
    },
    {
      "policyDefinitionReferenceId": "bb91dfba-c30d-4263-9add-9c2384e659a6",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-bb91dfba-c30d-4263-9add-9c2384e659a6')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.175",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "e71308d3-144b-4262-b144-efdc3cc90517",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-e71308d3-144b-4262-b144-efdc3cc90517')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.3.068",
        "CMMC_L3_SC.1.176",
        "CMMC_L3_SC.3.180",
        "CMMC_L3_SC.3.183"
      ]
    },
    {
      "policyDefinitionReferenceId": "75c4f823-d65c-4f29-a733-01d0077fdbcb",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb",
      "parameters": {
        "allowedKeyTypes": {
          "value": "[parameters('allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb')]"
        },
        "effect": {
          "value": "[parameters('effect-75c4f823-d65c-4f29-a733-01d0077fdbcb')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "82067dbb-e53b-4e06-b631-546d197452d9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9",
      "parameters": {
        "minimumRSAKeySize": {
          "value": "[parameters('minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9')]"
        },
        "effect": {
          "value": "[parameters('effect-82067dbb-e53b-4e06-b631-546d197452d9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "cee51871-e572-4576-855c-047c820360f0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0",
      "parameters": {
        "minimumRSAKeySize": {
          "value": "[parameters('minimumRSAKeySize-cee51871-e572-4576-855c-047c820360f0')]"
        },
        "effect": {
          "value": "[parameters('effect-cee51871-e572-4576-855c-047c820360f0')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.190"
      ]
    },
    {
      "policyDefinitionReferenceId": "ff25f3c8-b739-4538-9d07-3d6d25cfb255",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255",
      "parameters": {
        "allowedECNames": {
          "value": "[parameters('allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255')]"
        },
        "effect": {
          "value": "[parameters('effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "24fba194-95d6-48c0-aea7-f65bf859c598",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/24fba194-95d6-48c0-aea7-f65bf859c598",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-24fba194-95d6-48c0-aea7-f65bf859c598')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "3a58212a-c829-4f13-9872-6371df2fd0b4",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3a58212a-c829-4f13-9872-6371df2fd0b4",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-3a58212a-c829-4f13-9872-6371df2fd0b4')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "4733ea7b-a883-42fe-8cac-97454c2a9e4a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "67121cc7-ff39-4ab8-b7e3-95b84dab487d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "6fac406b-40ca-413b-bf8e-0bf964659c25",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-6fac406b-40ca-413b-bf8e-0bf964659c25')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "81e74cea-30fd-40d5-802f-d72103c2aaaa",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-81e74cea-30fd-40d5-802f-d72103c2aaaa')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "a7ff3161-0087-490a-9ad9-ad6217f4f43a",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a",
      "parameters": {},
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "c349d81b-9985-44ae-a8da-ff98d108ede8",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c349d81b-9985-44ae-a8da-ff98d108ede8",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c349d81b-9985-44ae-a8da-ff98d108ede8')]"
        },
        "supportedSKUs": {
          "value": "[parameters('supportedSKUs-c349d81b-9985-44ae-a8da-ff98d108ede8')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "f4b53539-8df9-40e4-86c6-6b607703bd4e",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-f4b53539-8df9-40e4-86c6-6b607703bd4e')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "ec068d99-e9c7-401f-8cef-5bdde4e6ccf1",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ec068d99-e9c7-401f-8cef-5bdde4e6ccf1",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "048248b0-55cd-46da-b1ff-39efd52db260",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/048248b0-55cd-46da-b1ff-39efd52db260",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-048248b0-55cd-46da-b1ff-39efd52db260')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "051cba44-2429-45b9-9649-46cec11c7119",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-051cba44-2429-45b9-9649-46cec11c7119')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "0d134df8-db83-46fb-ad72-fe0c9428c8dd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c89a2e5-7285-40fe-afe0-ae8654b92fb2",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "3657f5a0-770e-44a3-b44e-9431ba1e9735",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-3657f5a0-770e-44a3-b44e-9431ba1e9735')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "617c02be-7f02-4efd-8836-3180d47b6c68",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-617c02be-7f02-4efd-8836-3180d47b6c68')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177",
        "CMMC_L3_SC.3.191"
      ]
    },
    {
      "policyDefinitionReferenceId": "7d7be79c-23ba-4033-84dd-45e2a5ccdd67",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "f7d52b2d-e161-4dfa-a82b-55e564167385",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-f7d52b2d-e161-4dfa-a82b-55e564167385')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.177"
      ]
    },
    {
      "policyDefinitionReferenceId": "c43e4a30-77cb-48ab-a4dd-93f175c63b57",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SI.1.210",
        "CMMC_L3_SI.1.211",
        "CMMC_L3_SI.1.212",
        "CMMC_L3_SI.1.213"
      ]
    },
    {
      "policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.187"
      ]
    },
    {
      "policyDefinitionReferenceId": "1f314764-cb73-4fc9-b863-8eca98ac36e9",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-1f314764-cb73-4fc9-b863-8eca98ac36e9')]"
        }
      },
      "groupNames": [
        "CMMC_L3_SC.3.181"
      ]
    },
    {
      "policyDefinitionReferenceId": "123a3936-f020-408a-ba0c-47873faf1534",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534",
      "parameters": {
        "effect": {
          "value": "[parameters('effect-123a3936-f020-408a-ba0c-47873faf1534')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CA.2.158",
        "CMMC_L3_CA.3.161",
        "CMMC_L3_CM.2.063",
        "CMMC_L3_CM.3.068"
      ]
    },
    {
      "policyDefinitionReferenceId": "fc9b3da7-8347-4380-8e70-0a0361d8dedd",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "effect": {
          "value": "[parameters('effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.061"
      ]
    },
    {
      "policyDefinitionReferenceId": "2a7a701e-dff3-4da9-9ec5-42cb98594c0b",
      "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b",
      "parameters": {
        "IncludeArcMachines": {
          "value": "[parameters('IncludeArcMachines')]"
        },
        "AuditAuthenticationPolicyChange": {
          "value": "[parameters('AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
        },
        "AuditAuthorizationPolicyChange": {
          "value": "[parameters('AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
        },
        "effect": {
          "value": "[parameters('effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
        }
      },
      "groupNames": [
        "CMMC_L3_CM.2.065"
      ]
    }
  ],
  "policyDefinitionGroups": [
    {
      "name": "CMMC_L3_AC.1.001",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.001"
    },
    {
      "name": "CMMC_L3_AC.1.002",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.002"
    },
    {
      "name": "CMMC_L3_AC.1.003",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.003"
    },
    {
      "name": "CMMC_L3_AC.1.004",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.1.004"
    },
    {
      "name": "CMMC_L3_AC.2.005",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.005"
    },
    {
      "name": "CMMC_L3_AC.2.006",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.006"
    },
    {
      "name": "CMMC_L3_AC.2.007",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.007"
    },
    {
      "name": "CMMC_L3_AC.2.008",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.008"
    },
    {
      "name": "CMMC_L3_AC.2.009",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.009"
    },
    {
      "name": "CMMC_L3_AC.2.010",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.010"
    },
    {
      "name": "CMMC_L3_AC.2.011",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.011"
    },
    {
      "name": "CMMC_L3_AC.2.013",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.013"
    },
    {
      "name": "CMMC_L3_AC.2.015",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.015"
    },
    {
      "name": "CMMC_L3_AC.2.016",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.2.016"
    },
    {
      "name": "CMMC_L3_AC.3.012",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.012"
    },
    {
      "name": "CMMC_L3_AC.3.014",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.014"
    },
    {
      "name": "CMMC_L3_AC.3.017",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.017"
    },
    {
      "name": "CMMC_L3_AC.3.018",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.018"
    },
    {
      "name": "CMMC_L3_AC.3.019",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.019"
    },
    {
      "name": "CMMC_L3_AC.3.020",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.020"
    },
    {
      "name": "CMMC_L3_AC.3.021",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.021"
    },
    {
      "name": "CMMC_L3_AC.3.022",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AC.3.022"
    },
    {
      "name": "CMMC_L3_AM.3.036",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AM.3.036"
    },
    {
      "name": "CMMC_L3_AT.2.056",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.056"
    },
    {
      "name": "CMMC_L3_AT.2.057",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.2.057"
    },
    {
      "name": "CMMC_L3_AT.3.058",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AT.3.058"
    },
    {
      "name": "CMMC_L3_AU.2.041",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.041"
    },
    {
      "name": "CMMC_L3_AU.2.042",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.042"
    },
    {
      "name": "CMMC_L3_AU.2.043",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.043"
    },
    {
      "name": "CMMC_L3_AU.2.044",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.2.044"
    },
    {
      "name": "CMMC_L3_AU.3.045",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.045"
    },
    {
      "name": "CMMC_L3_AU.3.046",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.046"
    },
    {
      "name": "CMMC_L3_AU.3.048",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.048"
    },
    {
      "name": "CMMC_L3_AU.3.049",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.049"
    },
    {
      "name": "CMMC_L3_AU.3.050",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.050"
    },
    {
      "name": "CMMC_L3_AU.3.051",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.051"
    },
    {
      "name": "CMMC_L3_AU.3.052",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_AU.3.052"
    },
    {
      "name": "CMMC_L3_CA.2.157",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.157"
    },
    {
      "name": "CMMC_L3_CA.2.158",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.158"
    },
    {
      "name": "CMMC_L3_CA.2.159",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.2.159"
    },
    {
      "name": "CMMC_L3_CA.3.161",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.161"
    },
    {
      "name": "CMMC_L3_CA.3.162",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CA.3.162"
    },
    {
      "name": "CMMC_L3_CM.2.061",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.061"
    },
    {
      "name": "CMMC_L3_CM.2.062",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.062"
    },
    {
      "name": "CMMC_L3_CM.2.063",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.063"
    },
    {
      "name": "CMMC_L3_CM.2.064",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.064"
    },
    {
      "name": "CMMC_L3_CM.2.065",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.065"
    },
    {
      "name": "CMMC_L3_CM.2.066",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.2.066"
    },
    {
      "name": "CMMC_L3_CM.3.067",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.067"
    },
    {
      "name": "CMMC_L3_CM.3.068",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.068"
    },
    {
      "name": "CMMC_L3_CM.3.069",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_CM.3.069"
    },
    {
      "name": "CMMC_L3_IA.1.076",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.076"
    },
    {
      "name": "CMMC_L3_IA.1.077",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.1.077"
    },
    {
      "name": "CMMC_L3_IA.2.078",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.078"
    },
    {
      "name": "CMMC_L3_IA.2.079",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.079"
    },
    {
      "name": "CMMC_L3_IA.2.080",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.080"
    },
    {
      "name": "CMMC_L3_IA.2.081",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.081"
    },
    {
      "name": "CMMC_L3_IA.2.082",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.2.082"
    },
    {
      "name": "CMMC_L3_IA.3.083",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.083"
    },
    {
      "name": "CMMC_L3_IA.3.084",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.084"
    },
    {
      "name": "CMMC_L3_IA.3.085",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.085"
    },
    {
      "name": "CMMC_L3_IA.3.086",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IA.3.086"
    },
    {
      "name": "CMMC_L3_IR.2.092",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.092"
    },
    {
      "name": "CMMC_L3_IR.2.093",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.093"
    },
    {
      "name": "CMMC_L3_IR.2.094",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.094"
    },
    {
      "name": "CMMC_L3_IR.2.096",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.096"
    },
    {
      "name": "CMMC_L3_IR.2.097",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.2.097"
    },
    {
      "name": "CMMC_L3_IR.3.098",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.098"
    },
    {
      "name": "CMMC_L3_IR.3.099",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_IR.3.099"
    },
    {
      "name": "CMMC_L3_MA.2.111",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.111"
    },
    {
      "name": "CMMC_L3_MA.2.112",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.112"
    },
    {
      "name": "CMMC_L3_MA.2.113",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.113"
    },
    {
      "name": "CMMC_L3_MA.2.114",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.2.114"
    },
    {
      "name": "CMMC_L3_MA.3.115",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.115"
    },
    {
      "name": "CMMC_L3_MA.3.116",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MA.3.116"
    },
    {
      "name": "CMMC_L3_MP.1.118",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.1.118"
    },
    {
      "name": "CMMC_L3_MP.2.119",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.119"
    },
    {
      "name": "CMMC_L3_MP.2.120",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.120"
    },
    {
      "name": "CMMC_L3_MP.2.121",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.2.121"
    },
    {
      "name": "CMMC_L3_MP.3.122",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.122"
    },
    {
      "name": "CMMC_L3_MP.3.123",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.123"
    },
    {
      "name": "CMMC_L3_MP.3.124",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.124"
    },
    {
      "name": "CMMC_L3_MP.3.125",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_MP.3.125"
    },
    {
      "name": "CMMC_L3_PE.1.131",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.131"
    },
    {
      "name": "CMMC_L3_PE.1.132",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.132"
    },
    {
      "name": "CMMC_L3_PE.1.133",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.133"
    },
    {
      "name": "CMMC_L3_PE.1.134",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.1.134"
    },
    {
      "name": "CMMC_L3_PE.2.135",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.2.135"
    },
    {
      "name": "CMMC_L3_PE.3.136",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PE.3.136"
    },
    {
      "name": "CMMC_L3_PS.2.127",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.127"
    },
    {
      "name": "CMMC_L3_PS.2.128",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_PS.2.128"
    },
    {
      "name": "CMMC_L3_RE.2.137",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.137"
    },
    {
      "name": "CMMC_L3_RE.2.138",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.2.138"
    },
    {
      "name": "CMMC_L3_RE.3.139",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RE.3.139"
    },
    {
      "name": "CMMC_L3_RM.2.141",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.141"
    },
    {
      "name": "CMMC_L3_RM.2.142",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.142"
    },
    {
      "name": "CMMC_L3_RM.2.143",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.2.143"
    },
    {
      "name": "CMMC_L3_RM.3.144",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.144"
    },
    {
      "name": "CMMC_L3_RM.3.146",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.146"
    },
    {
      "name": "CMMC_L3_RM.3.147",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_RM.3.147"
    },
    {
      "name": "CMMC_L3_SA.3.169",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SA.3.169"
    },
    {
      "name": "CMMC_L3_SC.1.175",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.175"
    },
    {
      "name": "CMMC_L3_SC.1.176",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.1.176"
    },
    {
      "name": "CMMC_L3_SC.2.178",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.178"
    },
    {
      "name": "CMMC_L3_SC.2.179",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.2.179"
    },
    {
      "name": "CMMC_L3_SC.3.177",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.177"
    },
    {
      "name": "CMMC_L3_SC.3.180",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.180"
    },
    {
      "name": "CMMC_L3_SC.3.181",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.181"
    },
    {
      "name": "CMMC_L3_SC.3.182",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.182"
    },
    {
      "name": "CMMC_L3_SC.3.183",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.183"
    },
    {
      "name": "CMMC_L3_SC.3.184",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.184"
    },
    {
      "name": "CMMC_L3_SC.3.185",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.185"
    },
    {
      "name": "CMMC_L3_SC.3.186",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.186"
    },
    {
      "name": "CMMC_L3_SC.3.187",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.187"
    },
    {
      "name": "CMMC_L3_SC.3.188",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.188"
    },
    {
      "name": "CMMC_L3_SC.3.189",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.189"
    },
    {
      "name": "CMMC_L3_SC.3.190",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.190"
    },
    {
      "name": "CMMC_L3_SC.3.191",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.191"
    },
    {
      "name": "CMMC_L3_SC.3.192",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.192"
    },
    {
      "name": "CMMC_L3_SC.3.193",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SC.3.193"
    },
    {
      "name": "CMMC_L3_SI.1.210",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.210"
    },
    {
      "name": "CMMC_L3_SI.1.211",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.211"
    },
    {
      "name": "CMMC_L3_SI.1.212",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.212"
    },
    {
      "name": "CMMC_L3_SI.1.213",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.1.213"
    },
    {
      "name": "CMMC_L3_SI.2.214",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.214"
    },
    {
      "name": "CMMC_L3_SI.2.216",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.216"
    },
    {
      "name": "CMMC_L3_SI.2.217",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.2.217"
    },
    {
      "name": "CMMC_L3_SI.3.218",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.218"
    },
    {
      "name": "CMMC_L3_SI.3.219",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.219"
    },
    {
      "name": "CMMC_L3_SI.3.220",
      "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CMMC_L3_SI.3.220"
    }
  ]
}