AzPolicyInitiativesAdvertizer

Azure Policy Initiative

[Preview]: New Zealand Information Security Manual

Policy DisplayName

Policy Id

Category

Effect

State

[Preview]: All Internet traffic should be routed via your deployed Azure Firewall

fc5e4038-4584-4632-8c85-c0448d374b2c

Network

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Preview

[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted

32133ab0-ee4b-4b44-98d6-042180979d50

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Preview

[Preview]: Storage account public access should be disallowed

4fa4b6c0-31ca-4c0d-b10d-24b96f62a751

Storage

Default: audit
Allowed: (audit, deny, disabled)

Preview

A maximum of 3 owners should be designated for your subscription

4f11b553-d42e-4e3a-89be-32ca364cad4c

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

A vulnerability assessment solution should be enabled on your virtual machines

501541f7-f7e7-4cd6-868c-4190fdad3ac9

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Activity log should be retained for at least one year

b02aacc0-b073-424e-8298-42b22829ee0a

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Adaptive application controls for defining safe applications should be enabled on your machines

47a6b606-51aa-4496-8bb7-64b11cf66adc

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Adaptive network hardening recommendations should be applied on internet facing virtual machines

08e6af2d-db70-460a-bfe9-d5bd474ba9d6

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Advanced data security should be enabled on SQL Managed Instance

abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Advanced data security should be enabled on your SQL servers

abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

An Azure Active Directory administrator should be provisioned for SQL servers

1f314764-cb73-4fc9-b863-8eca98ac36e9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

API App should only be accessible over HTTPS

b7ddfbdc-1260-477d-91fd-98bd9be789a6

App Service

Default: Audit
Allowed: (Audit, Disabled)

Audit diagnostic setting

7f89b1eb-583c-429a-8828-af049802c1d9

Monitoring

Fixed: AuditIfNotExists

Audit Linux machines that allow remote connections from accounts without passwords

ea53dbee-c6c9-4f0e-9f9e-de0039b78023

Guest Configuration

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Audit Linux machines that have accounts without passwords

f6ec09a3-78bf-4f8f-99dc-6c77182d0f99

Guest Configuration

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted

5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Audit Log Analytics workspace for VM - Report Mismatch

f47b5582-33ec-4c5c-87c0-b010a6b2e917

Monitoring

Fixed: audit

Audit virtual machines without disaster recovery configured

0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56

Compute

Fixed: auditIfNotExists

Audit Windows machines missing any of specified members in the Administrators group

30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7

Guest Configuration

Fixed: auditIfNotExists

Audit Windows machines that have extra accounts in the Administrators group

3d2a3320-2a72-4c67-ac5f-caa40fbee2b2

Guest Configuration

Fixed: auditIfNotExists

Audit Windows machines that have the specified members in the Administrators group

69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f

Guest Configuration

Fixed: auditIfNotExists

Azure DDoS Protection Standard should be enabled

a7aca53f-2ed4-4466-a25e-0b45ade68efd

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Azure subscriptions should have a log profile for Activity Log

7796937f-307b-4598-941c-67d3a05ebfe7

Monitoring

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

CORS should not allow every resource to access your Web Applications

5744710e-cc2f-4ee8-8809-3b11e89f4bc9

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Deploy Dependency agent for Windows virtual machine scale sets

3be22e3b-d919-47aa-805e-8985dbeb0ad9

Monitoring

Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)

Deploy Dependency agent for Windows virtual machines

1c210e94-a481-4beb-95fa-1571b434fb04

Monitoring

Default: DeployIfNotExists
Allowed: (DeployIfNotExists, Disabled)

Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs

331e8ea8-378a-410f-a2e5-ae22f38bb0da

Guest Configuration

Fixed: deployIfNotExists

Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

385f5831-96d4-41db-9a3c-cd3af78aaae6

Guest Configuration

Fixed: deployIfNotExists

Deprecated accounts should be removed from your subscription

6b1cbf55-e8b6-442f-ba4c-7246b6381474

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Deprecated accounts with owner permissions should be removed from your subscription

ebb62a0c-3560-49e1-89ed-27e074e9f8ad

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Disk encryption should be applied on virtual machines

0961003e-5a0a-4549-abde-af6a37f2724d

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Endpoint protection solution should be installed on virtual machine scale sets

26a828e1-e88f-464e-bbb3-c134a282b9de

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

External accounts with owner permissions should be removed from your subscription

f8456c1c-aa66-4dfb-861a-25d127b775c9

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

External accounts with write permissions should be removed from your subscription

5c607a2e-c700-4744-8254-d77e7c9eb5e4

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Function App should only be accessible over HTTPS

6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab

App Service

Default: Audit
Allowed: (Audit, Disabled)

Internet-facing virtual machines should be protected with network security groups

f6de0be7-9a8a-4b8a-b349-43cf02d22f7c

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Latest TLS version should be used in your API App

8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Latest TLS version should be used in your Function App

f9d614c5-c173-4d56-95a7-b4437057d193

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Latest TLS version should be used in your Web App

f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Management ports of virtual machines should be protected with just-in-time network access control

b0f33259-77d7-4c9e-aac6-3aabcfae693c

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

MFA should be enabled accounts with write permissions on your subscription

9297c21d-2ed6-4474-b48f-163f75654ce3

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

MFA should be enabled on accounts with owner permissions on your subscription

aa633080-8b72-40c4-a2d7-d00c03e80bed

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

MFA should be enabled on accounts with read permissions on your subscription

e3576e28-8b17-4677-84c3-db2990658d64

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Microsoft IaaSAntimalware extension should be deployed on Windows servers

9b597639-28e4-48eb-b506-56b05d366257

Compute

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Monitor missing Endpoint Protection in Azure Security Center

af6cd1bd-1635-48cb-bde7-5b15693900b9

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Only secure connections to your Azure Cache for Redis should be enabled

22bee202-a82f-4305-9a2a-6d7f44d4dedb

Cache

Default: Audit
Allowed: (Audit, Deny, Disabled)

Remote debugging should be turned off for API Apps

e9c8d085-d9cc-4b17-9cdc-059f1f01f19e

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Remote debugging should be turned off for Function Apps

0e60b895-3786-45da-8377-9c6b4b6ac5f9

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Remote debugging should be turned off for Web Applications

cb510bfd-1cba-4d9f-a230-cb0976f4bb71

App Service

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Secure transfer to storage accounts should be enabled

404c3081-a854-4457-ae30-26a93ef643f9

Storage

Default: Audit
Allowed: (Audit, Deny, Disabled)

Service Fabric clusters should only use Azure Active Directory for client authentication

b54ed75b-3e1a-44ac-a333-05ba39b99ff0

Service Fabric

Default: Audit
Allowed: (Audit, Deny, Disabled)

Storage accounts should restrict network access

34c877ad-507e-4c82-993e-3452a6e0ad3c

Storage

Default: Audit
Allowed: (Audit, Deny, Disabled)

System updates on virtual machine scale sets should be installed

c3f317a7-a95c-4547-b7e7-11017ebdf2fe

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

System updates should be installed on your machines

86b3d65f-7626-441e-b690-81a8b71cff60

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

There should be more than one owner assigned to your subscription

09024ccc-0c5f-475e-9457-b7c0d9ed487b

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Transparent Data Encryption on SQL databases should be enabled

17k78e20-9358-41c9-923c-fb736d382a12

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerabilities in container security configurations should be remediated

e8cbc669-f12d-49eb-93e7-9273119e9933

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerabilities in security configuration on your machines should be remediated

e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerabilities in security configuration on your virtual machine scale sets should be remediated

3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerabilities on your SQL databases should be remediated

feedbf84-6b99-488c-acc2-71c829aa5ffc

Security Center

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports

057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerability assessment should be enabled on SQL Managed Instance

1b7aa243-30e4-4c9e-bca8-d0d3022b634a

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Vulnerability assessment should be enabled on your SQL servers

ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9

SQL

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Web Application Firewall (WAF) should be enabled for Application Gateway

564feb30-bf6a-4854-b4bb-0d2d2d1e6c66

Network

Default: Audit
Allowed: (Audit, Deny, Disabled)

Web Application Firewall (WAF) should be enabled for Azure Front Door Service service

055aa869-bc98-4af8-bafc-23f1ab6ffe2c

Network

Default: Audit
Allowed: (Audit, Deny, Disabled)

Web Application Firewall (WAF) should use the specified mode for Application Gateway

12430be1-6cc8-4527-a9a8-e3d38f250096

Network

Default: Audit
Allowed: (Audit, Deny, Disabled)

Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service

425bea59-a659-4cbb-8d31-34499bd030b8

Network

Default: Audit
Allowed: (Audit, Deny, Disabled)

Web Application should only be accessible over HTTPS

a4af4a39-4135-47fb-b175-47fbdf85311d

App Service

Default: Audit
Allowed: (Audit, Disabled)

Windows Defender Exploit Guard should be enabled on your machines

bed48b13-6647-468e-aa2f-1af1d3f4dd40

Guest Configuration

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Windows machines should meet requirements for 'Security Settings - Account Policies'

f2143251-70de-4e81-87a8-36cee5a2f29d

Guest Configuration

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Windows web servers should be configured to use secure communication protocols

5752e6d6-1206-46d8-8ab1-ecc2f71a8112

Guest Configuration

Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

{ "properties": { "displayName": "[Preview]: New Zealand Information Security Manual", "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative.", "metadata": { "version": "2.0.0-preview", "category": "Regulatory Compliance", "preview": true }, "parameters": { "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Web Application Firewall (WAF) should be enabled for Azure Front Door Service", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Adaptive network hardening recommendations should be applied on internet facing virtual machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: There should be more than one owner assigned to your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-0961003e-5a0a-4549-abde-af6a37f2724d": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Disk encryption should be applied on virtual machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Remote debugging should be turned off for Function Apps", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-12430be1-6cc8-4527-a9a8-e3d38f250096": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Web Application Firewall (WAF) should use the specified mode for Application Gateway", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096": { "type": "String", "metadata": { "displayName": "[Preview]: WAF mode requirement for Application Gateway", "description": "The Prevention or Detection mode must be enabled on the Application Gateway service" }, "allowedValues": [ "Prevention", "Detection" ], "defaultValue": "Detection" }, "effect-17k78e20-9358-41c9-923c-fb736d382a12": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Transparent Data Encryption on SQL databases should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerability assessment should be enabled on SQL Managed Instance", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04": { "type": "Array", "metadata": { "displayName": "[Preview]: Optional: List of custom VM images that have supported Windows OS to add to scope additional to the images in the gallery", "description": "For more information on Guest Configuration, visit https://aka.ms/gcpol" }, "defaultValue": [ ] }, "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: An Azure Active Directory administrator should be provisioned for SQL servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Only secure connections to your Azure Cache for Redis should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Windows machines missing any of specified members in the Administrators group", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { "type": "String", "metadata": { "displayName": "[Preview]: List of users that must be included in Windows VM Administrators group", "description": "A semicolon-separated list of users that should be included in the Administrators local group; Ex: Administrator; myUser1; myUser2" } }, "listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50": { "type": "Array", "metadata": { "displayName": "[Preview]: Optional: List of custom VM images that have supported Windows OS to add to scope additional to the images in the gallery", "description": "For more information on Guest Configuration, visit https://aka.ms/gcpol" }, "defaultValue": [ ] }, "listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50": { "type": "Array", "metadata": { "displayName": "[Preview]: Optional: List of custom VM images that have supported Linux OS to add to scope additional to the images in the gallery", "description": "For more information on Guest Configuration, visit https://aka.ms/gcpol" }, "defaultValue": [ ] }, "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Storage accounts should restrict network access", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9": { "type": "Array", "metadata": { "displayName": "[Preview]: Optional: List of custom VM images that have supported Windows OS to add to scope additional to the images in the gallery", "description": "For more information on Guest Configuration, visit https://aka.ms/gcpol" }, "defaultValue": [ ] }, "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Windows machines that have extra accounts in the Administrators group", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2": { "type": "String", "metadata": { "displayName": "[Preview]: List of users that Windows VM Administrators group must only include", "description": "A semicolon-separated list of all the expected members of the Administrators local group; Ex: Administrator; myUser1; myUser2" }, "defaultValue": "Administrator" }, "effect-404c3081-a854-4457-ae30-26a93ef643f9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Secure transfer to storage accounts should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-425bea59-a659-4cbb-8d31-34499bd030b8": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8": { "type": "String", "metadata": { "displayName": "[Preview]: WAF mode requirement for Azure Front Door Service", "description": "The Prevention or Detection mode must be enabled on the Azure Front Door service" }, "allowedValues": [ "Prevention", "Detection" ], "defaultValue": "Detection" }, "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Adaptive application controls for defining safe applications should be enabled on your machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-4f11b553-d42e-4e3a-89be-32ca364cad4c": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: A maximum of 3 owners should be designated for your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: [Preview]: Storage account public access should be disallowed", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "audit", "deny", "disabled" ], "defaultValue": "audit" }, "effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: A vulnerability assessment solution should be enabled on your virtual machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Web Application Firewall (WAF) should be enabled for Application Gateway", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: CORS should not allow every resource to access your Web Applications", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Windows web servers that are not using secure communication protocols", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": { "type": "String", "metadata": { "displayName": "[Preview]: Minimum TLS version for Windows web servers", "description": "Windows web servers with lower TLS versions will be assessed as non-compliant" }, "allowedValues": [ "1.1", "1.2" ], "defaultValue": "1.2" }, "listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": { "type": "Array", "metadata": { "displayName": "[Preview]: Optional: List of custom VM images that have supported Windows OS to add to scope additional to the images in the gallery", "description": "For more information on Guest Configuration, visit https://aka.ms/gcpol" }, "defaultValue": [ ] }, "listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": { "type": "Array", "metadata": { "displayName": "[Preview]: Optional: List of custom VM images that have supported Linux OS to add to scope additional to the images in the gallery", "description": "For more information on Guest Configuration, visit https://aka.ms/gcpol" }, "defaultValue": [ ] }, "effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: External accounts with write permissions should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Windows machines that have the specified members in the Administrators group", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": { "type": "String", "metadata": { "displayName": "[Preview]: List of users that must be excluded from Windows VM Administrators group", "description": "A semicolon-separated list of users that should be excluded in the Administrators local group; Ex: Administrator; myUser1; myUser2" } }, "effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Deprecated accounts should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Function App should only be accessible over HTTPS", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-7796937f-307b-4598-941c-67d3a05ebfe7": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Azure subscriptions should have a log profile for Activity Log", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9": { "type": "Array", "metadata": { "displayName": "[Preview]: List of resource types that should have resource logs enabled", "strongType": "resourceTypes" }, "defaultValue": [ "Microsoft.AnalysisServices/servers", "Microsoft.ApiManagement/service", "Microsoft.Network/applicationGateways", "Microsoft.Automation/automationAccounts", "Microsoft.ContainerInstance/containerGroups", "Microsoft.ContainerRegistry/registries", "Microsoft.ContainerService/managedClusters", "Microsoft.Batch/batchAccounts", "Microsoft.Cdn/profiles/endpoints", "Microsoft.CognitiveServices/accounts", "Microsoft.DocumentDB/databaseAccounts", "Microsoft.DataFactory/factories", "Microsoft.DataLakeAnalytics/accounts", "Microsoft.DataLakeStore/accounts", "Microsoft.EventGrid/eventSubscriptions", "Microsoft.EventGrid/topics", "Microsoft.EventHub/namespaces", "Microsoft.Network/expressRouteCircuits", "Microsoft.Network/azureFirewalls", "Microsoft.HDInsight/clusters", "Microsoft.Devices/IotHubs", "Microsoft.KeyVault/vaults", "Microsoft.Network/loadBalancers", "Microsoft.Logic/integrationAccounts", "Microsoft.Logic/workflows", "Microsoft.DBforMySQL/servers", "Microsoft.Network/networkInterfaces", "Microsoft.Network/networkSecurityGroups", "Microsoft.DBforPostgreSQL/servers", "Microsoft.PowerBIDedicated/capacities", "Microsoft.Network/publicIPAddresses", "Microsoft.RecoveryServices/vaults", "Microsoft.Cache/redis", "Microsoft.Relay/namespaces", "Microsoft.Search/searchServices", "Microsoft.ServiceBus/namespaces", "Microsoft.SignalRService/SignalR", "Microsoft.Sql/servers/databases", "Microsoft.Sql/servers/elasticPools", "Microsoft.StreamAnalytics/streamingjobs", "Microsoft.TimeSeriesInsights/environments", "Microsoft.Network/trafficManagerProfiles", "Microsoft.Compute/virtualMachines", "Microsoft.Compute/virtualMachineScaleSets", "Microsoft.Network/virtualNetworks", "Microsoft.Network/virtualNetworkGateways" ] }, "effect-86b3d65f-7626-441e-b690-81a8b71cff60": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: System updates should be installed on your machines", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Latest TLS version should be used in your API App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-9297c21d-2ed6-4474-b48f-163f75654ce3": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: MFA should be enabled accounts with write permissions on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-9b597639-28e4-48eb-b506-56b05d366257": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Microsoft IaaSAntimalware extension should be deployed on Windows servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-a4af4a39-4135-47fb-b175-47fbdf85311d": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Web Application should only be accessible over HTTPS", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Azure DDoS Protection Standard should be enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-aa633080-8b72-40c4-a2d7-d00c03e80bed": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: MFA should be enabled on accounts with owner permissions on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Advanced data security should be enabled on your SQL servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Advanced data security should be enabled on SQL Managed Instance", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b02aacc0-b073-424e-8298-42b22829ee0a": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Activity log should be retained for at least one year", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Management ports of virtual machines should be protected with just-in-time network access control", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Service Fabric clusters should only use Azure Active Directory for client authentication", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Deny", "Disabled" ], "defaultValue": "Audit" }, "effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: API App should only be accessible over HTTPS", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "Audit", "Disabled" ], "defaultValue": "Audit" }, "IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Windows machines on which Windows Defender Exploit Guard is not enabled", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40": { "type": "String", "metadata": { "displayName": "[Preview]: Compliance state to report for Windows machines on which Windows Defender Exploit Guard is not available", "description": "Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' shows machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) as non-compliant. Setting this value to 'Compliant' shows these machines as compliant." }, "allowedValues": [ "Compliant", "Non-Compliant" ], "defaultValue": "Non-Compliant" }, "effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Audit Windows machines on which Windows Defender Exploit Guard is not enabled", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: System updates on virtual machine scale sets should be installed", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Remote debugging should be turned off for Web Applications", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerabilities in security configuration on your machines should be remediated", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e3576e28-8b17-4677-84c3-db2990658d64": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: MFA should be enabled on accounts with read permissions on your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "listOfAllowedLocations-e56962a6-4747-49cd-b67b-bf8b01975c4c": { "type": "Array", "metadata": { "displayName": "[Preview]: Allowed locations for resources (deployments to other locations will be denied)", "description": "Locations for NZISM Restricted are New Zealand North, Australia East, Australia Southeast, Australia Central and Australia Central 2.", "strongType": "location", "deprecated": true }, "allowedValues": [ "australiaeast", "australiasoutheast", "australiacentral", "australiacentral2" ], "defaultValue": [ ] }, "listOfAllowedLocations-e765b5de-1225-4ba3-bd56-1ac6695af988": { "type": "Array", "metadata": { "displayName": "[Preview]: Allowed locations for resource groups (deployments to other locations will be denied)", "description": "Locations for NZISM Restricted are New Zealand North, Australia East, Australia Southeast, Australia Central and Australia Central 2.", "strongType": "location", "deprecated": true }, "allowedValues": [ "australiaeast", "australiasoutheast", "australiacentral", "australiacentral2" ], "defaultValue": [ ] }, "effect-e8cbc669-f12d-49eb-93e7-9273119e9933": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerabilities in container security configurations should be remediated", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Remote debugging should be turned off for API Apps", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Linux machines that allow remote connections from accounts without passwords", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Audit Linux machines that allow remote connections from accounts without passwords", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Deprecated accounts with owner permissions should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerability assessment should be enabled on your SQL servers", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Latest TLS version should be used in your Web App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Windows machines should meet requirements for 'Security Settings - Account Policies'", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Enforce password history for Windows VM local accounts", "description": "Changing a password at least every 90 days will limit the time period in which a disclosed password could be used by an unauthorised system user." }, "defaultValue": "24" }, "MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Maximum password age for Windows VM local accounts", "description": "Disallowing passwords from being reused within eight changes will prevent a system user from cycling between a small subset of passwords" }, "defaultValue": "1,70" }, "MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Minimum password age for Windows VM local accounts", "description": "Preventing a system user from changing their password more than once a day will stop the system user from immediately changing their password back to their old password." }, "defaultValue": "1" }, "MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Minimum password length for Windows VM local accounts", "description": "Password controls are designed to manage risks and attack methods using the controls specified in the NZISM. One of those controls is to enforce a minimum password length for each user account." }, "defaultValue": "14" }, "PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Password must meet complexity requirements for Windows VM local accounts", "description": "Disallowing predictable reset passwords will reduce the security risk of brute force attacks and password guessing attacks." }, "defaultValue": "1" }, "effect-f2143251-70de-4e81-87a8-36cee5a2f29d": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Windows machines should meet requirements for 'Security Settings - Account Policies'", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": { "type": "String", "metadata": { "displayName": "[Preview]: Log Analytics workspace ID for VM agent reporting", "description": "ID (GUID) of the Log Analytics workspace where VMs agents should report" } }, "effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Internet-facing virtual machines should be protected with network security groups", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": { "type": "String", "metadata": { "displayName": "[Preview]: Include Arc-connected servers when evaluating policy: Audit Linux machines that have accounts without passwords", "description": "By selecting 'true,' you agree to be charged monthly per Arc connected machine" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Audit Linux machines that have accounts without passwords", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f8456c1c-aa66-4dfb-861a-25d127b775c9": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: External accounts with owner permissions should be removed from your subscription", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-f9d614c5-c173-4d56-95a7-b4437057d193": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Latest TLS version should be used in your Function App", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-fc5e4038-4584-4632-8c85-c0448d374b2c": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: [Preview]: All Internet traffic should be routed via your deployed Azure Firewall", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" }, "effect-feedbf84-6b99-488c-acc2-71c829aa5ffc": { "type": "String", "metadata": { "displayName": "[Preview]: Effect for policy: Vulnerabilities on your SQL databases should be remediated", "description": "For more information about effects, visit https://aka.ms/policyeffects" }, "allowedValues": [ "AuditIfNotExists", "Disabled" ], "defaultValue": "AuditIfNotExists" } }, "policyDefinitions": [ { "policyDefinitionReferenceId": "055aa869-bc98-4af8-bafc-23f1ab6ffe2c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c", "parameters": { "effect": { "value": "[parameters('effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-7" ] }, { "policyDefinitionReferenceId": "057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9", "parameters": { "effect": { "value": "[parameters('effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "08e6af2d-db70-460a-bfe9-d5bd474ba9d6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", "parameters": { "effect": { "value": "[parameters('effect-08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-2" ] }, { "policyDefinitionReferenceId": "09024ccc-0c5f-475e-9457-b7c0d9ed487b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b", "parameters": { "effect": { "value": "[parameters('effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2" ] }, { "policyDefinitionReferenceId": "0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "parameters": { "effect": { "value": "[parameters('effect-0961003e-5a0a-4549-abde-af6a37f2724d')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_CR-2", "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "0e60b895-3786-45da-8377-9c6b4b6ac5f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9", "parameters": { "effect": { "value": "[parameters('effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-7" ] }, { "policyDefinitionReferenceId": "12430be1-6cc8-4527-a9a8-e3d38f250096", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096", "parameters": { "effect": { "value": "[parameters('effect-12430be1-6cc8-4527-a9a8-e3d38f250096')]" }, "modeRequirement": { "value": "[parameters('modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-7" ] }, { "policyDefinitionReferenceId": "17k78e20-9358-41c9-923c-fb736d382a12", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12", "parameters": { "effect": { "value": "[parameters('effect-17k78e20-9358-41c9-923c-fb736d382a12')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a", "parameters": { "effect": { "value": "[parameters('effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "1c210e94-a481-4beb-95fa-1571b434fb04", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04", "parameters": { "listOfImageIdToInclude": { "value": "[parameters('listOfImageIdToInclude-1c210e94-a481-4beb-95fa-1571b434fb04')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2", "NZISM_Security_Benchmark_v1.0_AC-4", "NZISM_Security_Benchmark_v1.0_AC-5", "NZISM_Security_Benchmark_v1.0_AC-9" ] }, { "policyDefinitionReferenceId": "1f314764-cb73-4fc9-b863-8eca98ac36e9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9", "parameters": { "effect": { "value": "[parameters('effect-1f314764-cb73-4fc9-b863-8eca98ac36e9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "22bee202-a82f-4305-9a2a-6d7f44d4dedb", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb", "parameters": { "effect": { "value": "[parameters('effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-8", "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", "parameters": { "effect": { "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-2", "NZISM_Security_Benchmark_v1.0_DM-4" ] }, { "policyDefinitionReferenceId": "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]" }, "MembersToInclude": { "value": "[parameters('MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2", "NZISM_Security_Benchmark_v1.0_AC-9" ] }, { "policyDefinitionReferenceId": "32133ab0-ee4b-4b44-98d6-042180979d50", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50", "parameters": { "listOfImageIdToInclude_windows": { "value": "[parameters('listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50')]" }, "listOfImageIdToInclude_linux": { "value": "[parameters('listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-14" ] }, { "policyDefinitionReferenceId": "331e8ea8-378a-410f-a2e5-ae22f38bb0da", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da", "parameters": { }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2" ] }, { "policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c", "parameters": { "effect": { "value": "[parameters('effect-34c877ad-507e-4c82-993e-3452a6e0ad3c')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-2" ] }, { "policyDefinitionReferenceId": "385f5831-96d4-41db-9a3c-cd3af78aaae6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6", "parameters": { }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2", "NZISM_Security_Benchmark_v1.0_AC-9", "NZISM_Security_Benchmark_v1.0_CR-6" ] }, { "policyDefinitionReferenceId": "3be22e3b-d919-47aa-805e-8985dbeb0ad9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9", "parameters": { "listOfImageIdToInclude": { "value": "[parameters('listOfImageIdToInclude-3be22e3b-d919-47aa-805e-8985dbeb0ad9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-2", "NZISM_Security_Benchmark_v1.0_DM-4" ] }, { "policyDefinitionReferenceId": "3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4", "parameters": { "effect": { "value": "[parameters('effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "3d2a3320-2a72-4c67-ac5f-caa40fbee2b2", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2')]" }, "Members": { "value": "[parameters('Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2", "NZISM_Security_Benchmark_v1.0_AC-9" ] }, { "policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", "parameters": { "effect": { "value": "[parameters('effect-404c3081-a854-4457-ae30-26a93ef643f9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "425bea59-a659-4cbb-8d31-34499bd030b8", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8", "parameters": { "effect": { "value": "[parameters('effect-425bea59-a659-4cbb-8d31-34499bd030b8')]" }, "modeRequirement": { "value": "[parameters('modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-7" ] }, { "policyDefinitionReferenceId": "47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "parameters": { "effect": { "value": "[parameters('effect-47a6b606-51aa-4496-8bb7-64b11cf66adc')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-4" ] }, { "policyDefinitionReferenceId": "4f11b553-d42e-4e3a-89be-32ca364cad4c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c", "parameters": { "effect": { "value": "[parameters('effect-4f11b553-d42e-4e3a-89be-32ca364cad4c')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2" ] }, { "policyDefinitionReferenceId": "4fa4b6c0-31ca-4c0d-b10d-24b96f62a751", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751", "parameters": { "effect": { "value": "[parameters('effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-2" ] }, { "policyDefinitionReferenceId": "501541f7-f7e7-4cd6-868c-4190fdad3ac9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9", "parameters": { "effect": { "value": "[parameters('effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "564feb30-bf6a-4854-b4bb-0d2d2d1e6c66", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66", "parameters": { "effect": { "value": "[parameters('effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-7" ] }, { "policyDefinitionReferenceId": "5744710e-cc2f-4ee8-8809-3b11e89f4bc9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5744710e-cc2f-4ee8-8809-3b11e89f4bc9", "parameters": { "effect": { "value": "[parameters('effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-8" ] }, { "policyDefinitionReferenceId": "5752e6d6-1206-46d8-8ab1-ecc2f71a8112", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-5752e6d6-1206-46d8-8ab1-ecc2f71a8112')]" }, "MinimumTLSVersion": { "value": "[parameters('MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_CR-6", "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138", "parameters": { "listOfImageIdToInclude_windows": { "value": "[parameters('listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138')]" }, "listOfImageIdToInclude_linux": { "value": "[parameters('listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-14" ] }, { "policyDefinitionReferenceId": "5c607a2e-c700-4744-8254-d77e7c9eb5e4", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4", "parameters": { "effect": { "value": "[parameters('effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_PRS-5" ] }, { "policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]" }, "MembersToExclude": { "value": "[parameters('MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2", "NZISM_Security_Benchmark_v1.0_AC-9" ] }, { "policyDefinitionReferenceId": "6b1cbf55-e8b6-442f-ba4c-7246b6381474", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474", "parameters": { "effect": { "value": "[parameters('effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_PRS-5", "NZISM_Security_Benchmark_v1.0_AC-5" ] }, { "policyDefinitionReferenceId": "6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab", "parameters": { "effect": { "value": "[parameters('effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-8" ] }, { "policyDefinitionReferenceId": "7796937f-307b-4598-941c-67d3a05ebfe7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7", "parameters": { "effect": { "value": "[parameters('effect-7796937f-307b-4598-941c-67d3a05ebfe7')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-13" ] }, { "policyDefinitionReferenceId": "7f89b1eb-583c-429a-8828-af049802c1d9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9", "parameters": { "listOfResourceTypes": { "value": "[parameters('listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-14", "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "parameters": { "effect": { "value": "[parameters('effect-86b3d65f-7626-441e-b690-81a8b71cff60')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_PRS-5" ] }, { "policyDefinitionReferenceId": "8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e", "parameters": { "effect": { "value": "[parameters('effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_CR-6" ] }, { "policyDefinitionReferenceId": "9297c21d-2ed6-4474-b48f-163f75654ce3", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3", "parameters": { "effect": { "value": "[parameters('effect-9297c21d-2ed6-4474-b48f-163f75654ce3')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-3", "NZISM_Security_Benchmark_v1.0_AC-17" ] }, { "policyDefinitionReferenceId": "9b597639-28e4-48eb-b506-56b05d366257", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257", "parameters": { "effect": { "value": "[parameters('effect-9b597639-28e4-48eb-b506-56b05d366257')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-2" ] }, { "policyDefinitionReferenceId": "a4af4a39-4135-47fb-b175-47fbdf85311d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d", "parameters": { "effect": { "value": "[parameters('effect-a4af4a39-4135-47fb-b175-47fbdf85311d')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-8" ] }, { "policyDefinitionReferenceId": "a7aca53f-2ed4-4466-a25e-0b45ade68efd", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", "parameters": { "effect": { "value": "[parameters('effect-a7aca53f-2ed4-4466-a25e-0b45ade68efd')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-5" ] }, { "policyDefinitionReferenceId": "aa633080-8b72-40c4-a2d7-d00c03e80bed", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed", "parameters": { "effect": { "value": "[parameters('effect-aa633080-8b72-40c4-a2d7-d00c03e80bed')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-3", "NZISM_Security_Benchmark_v1.0_AC-17" ] }, { "policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9", "parameters": { "effect": { "value": "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", "parameters": { "effect": { "value": "[parameters('effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_DM-6" ] }, { "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "parameters": { "effect": { "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-2", "NZISM_Security_Benchmark_v1.0_DM-4" ] }, { "policyDefinitionReferenceId": "b02aacc0-b073-424e-8298-42b22829ee0a", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a", "parameters": { "effect": { "value": "[parameters('effect-b02aacc0-b073-424e-8298-42b22829ee0a')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-15" ] }, { "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "parameters": { "effect": { "value": "[parameters('effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-7" ] }, { "policyDefinitionReferenceId": "b54ed75b-3e1a-44ac-a333-05ba39b99ff0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0", "parameters": { "effect": { "value": "[parameters('effect-b54ed75b-3e1a-44ac-a333-05ba39b99ff0')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2" ] }, { "policyDefinitionReferenceId": "b7ddfbdc-1260-477d-91fd-98bd9be789a6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7ddfbdc-1260-477d-91fd-98bd9be789a6", "parameters": { "effect": { "value": "[parameters('effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_SS-8" ] }, { "policyDefinitionReferenceId": "bed48b13-6647-468e-aa2f-1af1d3f4dd40", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40')]" }, "NotAvailableMachineState": { "value": "[parameters('NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40')]" }, "effect": { "value": "[parameters('effect-bed48b13-6647-468e-aa2f-1af1d3f4dd40')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_DM-4" ] }, { "policyDefinitionReferenceId": "c3f317a7-a95c-4547-b7e7-11017ebdf2fe", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe", "parameters": { "effect": { "value": "[parameters('effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_PRS-5" ] }, { "policyDefinitionReferenceId": "cb510bfd-1cba-4d9f-a230-cb0976f4bb71", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71", "parameters": { "effect": { "value": "[parameters('effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-7" ] }, { "policyDefinitionReferenceId": "e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "parameters": { "effect": { "value": "[parameters('effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "e3576e28-8b17-4677-84c3-db2990658d64", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64", "parameters": { "effect": { "value": "[parameters('effect-e3576e28-8b17-4677-84c3-db2990658d64')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-3", "NZISM_Security_Benchmark_v1.0_AC-17" ] }, { "policyDefinitionReferenceId": "e8cbc669-f12d-49eb-93e7-9273119e9933", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8cbc669-f12d-49eb-93e7-9273119e9933", "parameters": { "effect": { "value": "[parameters('effect-e8cbc669-f12d-49eb-93e7-9273119e9933')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "e9c8d085-d9cc-4b17-9cdc-059f1f01f19e", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c8d085-d9cc-4b17-9cdc-059f1f01f19e", "parameters": { "effect": { "value": "[parameters('effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-7" ] }, { "policyDefinitionReferenceId": "ea53dbee-c6c9-4f0e-9f9e-de0039b78023", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]" }, "effect": { "value": "[parameters('effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2" ] }, { "policyDefinitionReferenceId": "ebb62a0c-3560-49e1-89ed-27e074e9f8ad", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad", "parameters": { "effect": { "value": "[parameters('effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3", "NZISM_Security_Benchmark_v1.0_PRS-5", "NZISM_Security_Benchmark_v1.0_AC-5" ] }, { "policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", "parameters": { "effect": { "value": "[parameters('effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b", "parameters": { "effect": { "value": "[parameters('effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_CR-6" ] }, { "policyDefinitionReferenceId": "f2143251-70de-4e81-87a8-36cee5a2f29d", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d')]" }, "EnforcePasswordHistory": { "value": "[parameters('EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d')]" }, "MaximumPasswordAge": { "value": "[parameters('MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d')]" }, "MinimumPasswordAge": { "value": "[parameters('MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d')]" }, "MinimumPasswordLength": { "value": "[parameters('MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d')]" }, "PasswordMustMeetComplexityRequirements": { "value": "[parameters('PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d')]" }, "effect": { "value": "[parameters('effect-f2143251-70de-4e81-87a8-36cee5a2f29d')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-4" ] }, { "policyDefinitionReferenceId": "f47b5582-33ec-4c5c-87c0-b010a6b2e917", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917", "parameters": { "logAnalyticsWorkspaceId": { "value": "[parameters('logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-14" ] }, { "policyDefinitionReferenceId": "f6de0be7-9a8a-4b8a-b349-43cf02d22f7c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c", "parameters": { "effect": { "value": "[parameters('effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-2" ] }, { "policyDefinitionReferenceId": "f6ec09a3-78bf-4f8f-99dc-6c77182d0f99", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99')]" }, "effect": { "value": "[parameters('effect-f6ec09a3-78bf-4f8f-99dc-6c77182d0f99')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_AC-2" ] }, { "policyDefinitionReferenceId": "f8456c1c-aa66-4dfb-861a-25d127b775c9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9", "parameters": { "effect": { "value": "[parameters('effect-f8456c1c-aa66-4dfb-861a-25d127b775c9')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_PRS-5" ] }, { "policyDefinitionReferenceId": "f9d614c5-c173-4d56-95a7-b4437057d193", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193", "parameters": { "effect": { "value": "[parameters('effect-f9d614c5-c173-4d56-95a7-b4437057d193')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_CR-6" ] }, { "policyDefinitionReferenceId": "fc5e4038-4584-4632-8c85-c0448d374b2c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c", "parameters": { "effect": { "value": "[parameters('effect-fc5e4038-4584-4632-8c85-c0448d374b2c')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_NS-7" ] }, { "policyDefinitionReferenceId": "feedbf84-6b99-488c-acc2-71c829aa5ffc", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc", "parameters": { "effect": { "value": "[parameters('effect-feedbf84-6b99-488c-acc2-71c829aa5ffc')]" } }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ISM-3" ] }, { "policyDefinitionReferenceId": "0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56", "parameters": { }, "groupNames": [ "NZISM_Security_Benchmark_v1.0_ESS-3" ] } ], "policyDefinitionGroups": [ { "name": "NZISM_Security_Benchmark_v1.0_AIS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_AIS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AIS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ISGV-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ISGV-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ISGV-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISGV-3" }, { "name": "NZISM_Security_Benchmark_v1.0_ISG-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ISG-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ISG-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-3" }, { "name": "NZISM_Security_Benchmark_v1.0_ISG-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-4" }, { "name": "NZISM_Security_Benchmark_v1.0_ISG-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISG-5" }, { "name": "NZISM_Security_Benchmark_v1.0_SCA-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-1" }, { "name": "NZISM_Security_Benchmark_v1.0_SCA-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-2" }, { "name": "NZISM_Security_Benchmark_v1.0_SCA-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-3" }, { "name": "NZISM_Security_Benchmark_v1.0_SCA-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-4" }, { "name": "NZISM_Security_Benchmark_v1.0_SCA-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SCA-5" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-3" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-4" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-5" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-6" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-7" }, { "name": "NZISM_Security_Benchmark_v1.0_ISD-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISD-8" }, { "name": "NZISM_Security_Benchmark_v1.0_ISM-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ISM-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ISM-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-3" }, { "name": "NZISM_Security_Benchmark_v1.0_ISM-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-4" }, { "name": "NZISM_Security_Benchmark_v1.0_ISM-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISM-5" }, { "name": "NZISM_Security_Benchmark_v1.0_ISI-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ISI-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ISI-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ISI-3" }, { "name": "NZISM_Security_Benchmark_v1.0_PS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_PS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_PS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_PS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_PS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PS-5" }, { "name": "NZISM_Security_Benchmark_v1.0_PSS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_PSS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_PSS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_PSS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_PSS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PSS-5" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-1" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-2" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-3" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-4" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-5" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-6" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-7" }, { "name": "NZISM_Security_Benchmark_v1.0_INF-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_INF-8" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-1" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-2" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-3" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-4" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-5" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-6" }, { "name": "NZISM_Security_Benchmark_v1.0_CSD-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CSD-7" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-5" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-6" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-7" }, { "name": "NZISM_Security_Benchmark_v1.0_PRS-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_PRS-8" }, { "name": "NZISM_Security_Benchmark_v1.0_MDD-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-1" }, { "name": "NZISM_Security_Benchmark_v1.0_MDD-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-2" }, { "name": "NZISM_Security_Benchmark_v1.0_MDD-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-3" }, { "name": "NZISM_Security_Benchmark_v1.0_MDD-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-4" }, { "name": "NZISM_Security_Benchmark_v1.0_MDD-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-5" }, { "name": "NZISM_Security_Benchmark_v1.0_MDD-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_MDD-6" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-5" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-6" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-7" }, { "name": "NZISM_Security_Benchmark_v1.0_SS-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_SS-8" }, { "name": "NZISM_Security_Benchmark_v1.0_ES-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ES-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ES-2" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-1" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-2" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-3" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-4" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-5" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-6" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-7" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-8" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-9" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-10" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-11", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-11" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-12", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-12" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-13", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-13" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-14", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-14" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-15", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-15" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-16", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-16" }, { "name": "NZISM_Security_Benchmark_v1.0_AC-17", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_AC-17" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-1" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-2" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-3" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-4" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-5" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-6" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-7" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-8" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-9" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-10" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-11", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-11" }, { "name": "NZISM_Security_Benchmark_v1.0_CR-12", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_CR-12" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-5" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-6" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-7" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-8" }, { "name": "NZISM_Security_Benchmark_v1.0_NS-9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_NS-9" }, { "name": "NZISM_Security_Benchmark_v1.0_GS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_GS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_GS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_GS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_GS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_GS-5" }, { "name": "NZISM_Security_Benchmark_v1.0_DM-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-1" }, { "name": "NZISM_Security_Benchmark_v1.0_DM-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-2" }, { "name": "NZISM_Security_Benchmark_v1.0_DM-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-3" }, { "name": "NZISM_Security_Benchmark_v1.0_DM-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-4" }, { "name": "NZISM_Security_Benchmark_v1.0_DM-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-5" }, { "name": "NZISM_Security_Benchmark_v1.0_DM-6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_DM-6" }, { "name": "NZISM_Security_Benchmark_v1.0_WO-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-1" }, { "name": "NZISM_Security_Benchmark_v1.0_WO-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-2" }, { "name": "NZISM_Security_Benchmark_v1.0_WO-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-3" }, { "name": "NZISM_Security_Benchmark_v1.0_WO-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_WO-4" }, { "name": "NZISM_Security_Benchmark_v1.0_ESS-1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-1" }, { "name": "NZISM_Security_Benchmark_v1.0_ESS-2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-2" }, { "name": "NZISM_Security_Benchmark_v1.0_ESS-3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-3" }, { "name": "NZISM_Security_Benchmark_v1.0_ESS-4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-4" }, { "name": "NZISM_Security_Benchmark_v1.0_ESS-5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NZISM_Security_Benchmark_v1.0_ESS-5" } ] }, "id": "/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a", "type": "Microsoft.Authorization/policySetDefinitions", "name": "d1a462af-7e6d-4901-98ac-61570b4ed22a" }

AzInitiativeAdvertizer

Azure Policy Initiative

[Preview]: New Zealand Information Security Manual

Popular