last sync: 2020-Sep-18 14:08:07 UTC

Azure Policy Initiative

[Deprecated]: Audit Windows VMs that do not match Azure security baseline settings

Initiative DisplayName [Deprecated]: Audit Windows VMs that do not match Azure security baseline settings
Initiative Id d618d658-b2d0-410e-9e2e-bfbfd04d09fa
Initiative Category Guest Configuration
Initiative Description This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol
Initiative Type BuiltIn
Initiative Changes
Date/Time (UTC ymd) Change(s)
2020-08-21 13:50:30 change DisplayName Name change: 'Audit Windows VMs that do not match Azure security baseline settings' to '[Deprecated]: Audit Windows VMs that do not match Azure security baseline settings'
2020-06-11 19:46:04 change DisplayName Name change: '[Preview]: Audit Windows VMs that do not match Azure security baseline settings' to 'Audit Windows VMs that do not match Azure security baseline settings'
Initiative Policies count Total Policies: 58
Builtin Policies: 58/58
Static Policies: 0/58
Initiative Policies
Policy DisplayName Policy Id
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - MSS (Legacy)' f1f4825d-58fb-4257-8016-8c00e3c9ed9d
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Control Panel' ec7ac234-2af5-4729-94d2-c557c071799d
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - System' 7066131b-61a6-4917-a7e4-72e8983f0aa6
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' 815dcc9f-6662-43f2-9a03-1b83e9876f24
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Logon-Logoff' b3802d79-dd88-4bce-b81d-780218e48280
[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - MSS (Legacy)' 97646672-5efa-4622-9b54-740270ad60bf
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - System objects' 620e58b5-ac75-49b4-993f-a9d4f0459636
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Settings - Account Policies' ddb53c61-9db4-41d4-a953-2abff5b66c12
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Policy Change' dd4680ed-0559-4a6a-ad10-081d14cbb484
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Logon' c1e289c0-ffad-475d-a924-adc058765d65
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' 909c958d-1b99-4c74-b88f-46a5c5bc34f9
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components' 7040a231-fb65-4412-8c0a-b365f4866c24
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Devices' 3d7b154e-2700-4c8c-9e46-cb65ac1578c2
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use' ce2370f6-0ac5-4d85-8ab4-10721cc640b0
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Audit' 21e2995e-683e-497a-9e81-2f42ad07050a
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management' 0a9991e6-21be-49f9-8916-a06d934bcf29
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client' fcbc55c9-f25a-4e55-a6cb-33acb3be778b
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - System settings' 8a39d1f1-5513-4628-b261-f469a5a3341b
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff' c04255ee-1b9f-42c1-abaa-bf1553f79930
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies' e3d95ab7-f47a-49d8-a347-784177b6c94c
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Object Access' 60aeaf73-a074-417a-905f-7ce9df0ff77b
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' f56a3ab2-89d1-44de-ac0d-2ada5962e22a
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Shutdown' 1f8c20ce-3414-4496-8b26-0e902a1541da
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Policy Change' 97b595c8-fd10-400e-8543-28e2b9138b13
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Interactive Logon' c8abcef9-fc26-482f-b8db-5fa60ee4586d
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System objects' 12ae2d24-3805-4b37-9fa9-465968bfbcfa
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' e425e402-a050-45e5-b010-bd3f934589fc
[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - System' a1e8dda3-9fd2-4835-aec3-0e55531fde33
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Recovery console' ba12366f-f9a6-42b8-9d98-157d0b1a837b
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' 985285b7-b97a-419c-8d48-c88cc934c8d8
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Logon' bc87d811-4a9b-47cc-ae54-0a41abda7768
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Access' 30040dab-4e75-4456-8273-14b8f75d91d9
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' e5b81f87-9185-4224-bf00-9f505e9f89f3
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking' 42a07bbf-ffcf-459a-b4b1-30ecd118a505
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' 437a1f8f-8552-47a8-8b12-a2fee3269dd5
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Security' 5c028d2a-1889-45f6-b821-31f42711ced8
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' 86880e5c-df35-43c5-95ad-7e120635775e
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Shutdown' e3a77a94-cf41-4ee8-b45c-98be28841c03
[Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment' c961dac9-5916-42e8-8fb1-703148323994
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Server' 6fe4ef56-7576-4dc4-8e9c-26bad4b087ce
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Account Management' 225e937e-d32e-4713-ab74-13ce95b3519a
[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - Control Panel' 87b590fe-4a1d-4697-ae74-d4fe72ab786c
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' 36e17963-7202-494a-80c3-f508211c826b
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Detailed Tracking' a9a33475-481d-4b81-9116-0bf02ffe67e8
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit' 498b810c-59cd-4222-9338-352ba146ccf3
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Devices' 6481cc21-ed6e-4480-99dd-ea7c5222e897
[Deprecated]: Show audit results from Windows VMs configurations in 'Windows Components' 9178b430-2295-406e-bb28-f6a7a2a2f897
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - System' f8b0158d-4766-490f-bea0-259e52dba473
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access' 8e170edb-e0f5-497a-bb36-48b3280cec6a
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts' b872a447-cc6f-43b9-bccf-45703cd81607
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' bbcdd8fa-b600-4ee3-85b8-d184e3339652
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - System' 40917425-69db-4018-8dae-2a0556cef899
[Deprecated]: Show audit results from Windows VMs configurations in 'System Audit Policies - Privilege Use' 7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c
[Deprecated]: Show audit results from Windows VMs configurations in 'Administrative Templates - Network' 7229bd6a-693d-478a-87f0-1dc1af06f3b8
[Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - User Account Control' 29829ec2-489d-4925-81b7-bda06b1718e0
[Deprecated]: Show audit results from Windows VMs configurations in 'Windows Firewall Properties' 8bbd627e-4d25-4906-9a6e-3789780af3ec
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Interactive Logon' 3750712b-43d0-478e-9966-d2c26f6141b9
Initiative Rule
{
  "properties": {
    "displayName": "[Deprecated]: Audit Windows VMs that do not match Azure security baseline settings",
    "policyType": "BuiltIn",
    "description": "This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol",
    "metadata": {
      "version": "1.0.0-deprecated",
      "category": "Guest Configuration",
      "deprecated": true
    },
    "parameters": {
      "EnableInsecureGuestLogons": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Enable insecure guest logons",
          "description": "Specifies whether the SMB client will allow insecure guest logons to an SMB server."
        },
        "defaultValue": "0"
      },
      "AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Allow simultaneous connections to the Internet or a Windows Domain",
          "description": "Specify whether to prevent computers from connecting to both a domain based network and a non-domain based network at the same time. A value of 0 allows simultaneous connections, and a value of 1 blocks them."
        },
        "defaultValue": "1"
      },
      "TurnOffMulticastNameResolution": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Turn off multicast name resolution",
          "description": "Specifies whether LLMNR, a secondary name resolution protocol that transmits using multicast over a local subnet link on a single subnet, is enabled."
        },
        "defaultValue": "1"
      },
      "AlwaysUseClassicLogon": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Always use classic logon",
          "description": "Specifies whether to force the user to log on to the computer using the classic logon screen. This setting only works when the computer is not on a domain."
        },
        "defaultValue": "0"
      },
      "BootStartDriverInitializationPolicy": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Boot-Start Driver Initialization Policy",
          "description": "Specifies which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver."
        },
        "defaultValue": "3"
      },
      "EnableWindowsNTPClient": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Enable Windows NTP Client",
          "description": "Specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers."
        },
        "defaultValue": "1"
      },
      "TurnOnConveniencePINSignin": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Turn on convenience PIN sign-in",
          "description": "Specifies whether a domain user can sign in using a convenience PIN."
        },
        "defaultValue": "0"
      },
      "AccountsGuestAccountStatus": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Accounts: Guest account status",
          "description": "Specifies whether the local Guest account is disabled."
        },
        "defaultValue": "0"
      },
      "AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit: Shut down system immediately if unable to log security audits",
          "description": "Audits if the system will shut down when unable to log Security events."
        },
        "defaultValue": "0"
      },
      "DevicesAllowedToFormatAndEjectRemovableMedia": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Devices: Allowed to format and eject removable media",
          "description": "Specifies who is allowed to format and eject removable NTFS media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges."
        },
        "defaultValue": "0"
      },
      "MicrosoftNetworkClientDigitallySignCommunicationsAlways": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Microsoft network client: Digitally sign communications (always)",
          "description": "Specifies whether packet signing is required by the SMB client component."
        },
        "defaultValue": "1"
      },
      "MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Microsoft network client: Send unencrypted password to third-party SMB servers",
          "description": "Specifies whether the SMB redirector will send plaintext passwords during authentication to third-party SMB servers that do not support password encryption. It is recommended that you disable this policy setting unless there is a strong business case to enable it."
        },
        "defaultValue": "0"
      },
      "MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Microsoft network server: Amount of idle time required before suspending session",
          "description": "Specifies the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. The format of the value is two integers separated by a comma, denoting an inclusive range."
        },
        "defaultValue": "1,15"
      },
      "MicrosoftNetworkServerDigitallySignCommunicationsAlways": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Microsoft network server: Digitally sign communications (always)",
          "description": "Specifies whether packet signing is required by the SMB server component."
        },
        "defaultValue": "1"
      },
      "MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Microsoft network server: Disconnect clients when logon hours expire",
          "description": "Specifies whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. If you enable this policy setting you should also enable 'Network security: Force logoff when logon hours expire'"
        },
        "defaultValue": "1"
      },
      "NetworkAccessRemotelyAccessibleRegistryPaths": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network access: Remotely accessible registry paths",
          "description": "Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
        },
        "defaultValue": "System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion"
      },
      "NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network access: Remotely accessible registry paths and sub-paths",
          "description": "Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
        },
        "defaultValue": "System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog"
      },
      "NetworkAccessSharesThatCanBeAccessedAnonymously": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network access: Shares that can be accessed anonymously",
          "description": "Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server."
        },
        "defaultValue": "0"
      },
      "NetworkSecurityConfigureEncryptionTypesAllowedForKerberos": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network Security: Configure encryption types allowed for Kerberos",
          "description": "Specifies the encryption types that Kerberos is allowed to use."
        },
        "defaultValue": "2147483644"
      },
      "NetworkSecurityLANManagerAuthenticationLevel": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network security: LAN Manager authentication level",
          "description": "Specify which challenge-response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers."
        },
        "defaultValue": "5"
      },
      "NetworkSecurityLDAPClientSigningRequirements": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network security: LDAP client signing requirements",
          "description": "Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests."
        },
        "defaultValue": "1"
      },
      "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network security: Minimum session security for NTLM SSP based (including secure RPC) clients",
          "description": "Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information."
        },
        "defaultValue": "537395200"
      },
      "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Network security: Minimum session security for NTLM SSP based (including secure RPC) servers",
          "description": "Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services."
        },
        "defaultValue": "537395200"
      },
      "RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Recovery console: Allow floppy copy and access to all drives and all folders",
          "description": "Specifies whether to make the Recovery Console SET command available, which allows setting of recovery console environment variables."
        },
        "defaultValue": "0"
      },
      "ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Shutdown: Allow system to be shut down without having to log on",
          "description": "Specifies whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon screen."
        },
        "defaultValue": "0"
      },
      "ShutdownClearVirtualMemoryPagefile": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Shutdown: Clear virtual memory pagefile",
          "description": "Specifies whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. For systems with large amounts of RAM, this could result in substantial time needed to complete the shutdown."
        },
        "defaultValue": "0"
      },
      "SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies",
          "description": "Specifies whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). For certificate rules to take effect in software restriction policies, you must enable this policy setting."
        },
        "defaultValue": "1"
      },
      "UACAdminApprovalModeForTheBuiltinAdministratorAccount": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: UAC: Admin Approval Mode for the Built-in Administrator account",
          "description": "Specifies the behavior of Admin Approval Mode for the built-in Administrator account."
        },
        "defaultValue": "1"
      },
      "UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode",
          "description": "Specifies the behavior of the elevation prompt for administrators."
        },
        "defaultValue": "2"
      },
      "UACDetectApplicationInstallationsAndPromptForElevation": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: UAC: Detect application installations and prompt for elevation",
          "description": "Specifies the behavior of application installation detection for the computer."
        },
        "defaultValue": "1"
      },
      "UACRunAllAdministratorsInAdminApprovalMode": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: UAC: Run all administrators in Admin Approval Mode",
          "description": "Specifies the behavior of all User Account Control (UAC) policy settings for the computer."
        },
        "defaultValue": "1"
      },
      "EnforcePasswordHistory": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Enforce password history",
          "description": "Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated."
        },
        "defaultValue": "24"
      },
      "MaximumPasswordAge": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Maximum password age",
          "description": "Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range."
        },
        "defaultValue": "1,70"
      },
      "MinimumPasswordAge": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Minimum password age",
          "description": "Specifies the minimum number of days that must elapse before a user account password can be changed."
        },
        "defaultValue": "1"
      },
      "MinimumPasswordLength": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Minimum password length",
          "description": "Specifies the minimum number of characters that a user account password may contain."
        },
        "defaultValue": "14"
      },
      "PasswordMustMeetComplexityRequirements": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Password must meet complexity requirements",
          "description": "Specifies whether a user account password must be complex. If required, a complex password must not contain part of  user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."
        },
        "defaultValue": "1"
      },
      "AuditCredentialValidation": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Credential Validation",
          "description": "Specifies whether audit events are generated when credentials are submitted for a user account logon request.  This setting is especially useful for monitoring unsuccessful attempts, to find brute-force attacks, account enumeration, and potential account compromise events on domain controllers."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "Success and Failure"
      },
      "AuditProcessTermination": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Process Termination",
          "description": "Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "No Auditing"
      },
      "AuditGroupMembership": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Group Membership",
          "description": "Specifies whether audit events are generated when group memberships are enumerated on the client computer."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "Success"
      },
      "AuditDetailedFileShare": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Detailed File Share",
          "description": "If this policy setting is enabled, access to all shared files and folders on the system is audited. Auditing for Success can lead to very high volumes of events."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "No Auditing"
      },
      "AuditFileShare": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit File Share",
          "description": "Specifies whether to audit events related to file shares: creation, deletion, modification, and access attempts. Also, it shows failed SMB SPN checks. Event volumes can be high on DCs and File Servers."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "No Auditing"
      },
      "AuditFileSystem": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit File System",
          "description": "Specifies whether audit events are generated when users attempt to access file system objects. Audit events are generated only for objects that have configured system access control lists (SACLs)."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "No Auditing"
      },
      "AuditAuthenticationPolicyChange": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Authentication Policy Change",
          "description": "Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "Success"
      },
      "AuditAuthorizationPolicyChange": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Authorization Policy Change",
          "description": "Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "No Auditing"
      },
      "AuditOtherSystemEvents": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Audit Other System Events",
          "description": "Specifies whether audit events are generated for Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures."
        },
        "allowedValues": [
          "No Auditing",
          "Success",
          "Failure",
          "Success and Failure"
        ],
        "defaultValue": "No Auditing"
      },
      "UsersOrGroupsThatMayAccessThisComputerFromTheNetwork": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may access this computer from the network",
          "description": "Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."
        },
        "defaultValue": "Administrators, Authenticated Users"
      },
      "UsersOrGroupsThatMayLogOnLocally": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may log on locally",
          "description": "Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right."
        },
        "defaultValue": "Administrators"
      },
      "UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may log on through Remote Desktop Services",
          "description": "Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance."
        },
        "defaultValue": "Administrators, Remote Desktop Users"
      },
      "UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that are denied access to this computer from the network",
          "description": "Specifies which users or groups are explicitly prohibited from connecting to the computer across the network."
        },
        "defaultValue": "Guests"
      },
      "UsersOrGroupsThatMayManageAuditingAndSecurityLog": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may manage auditing and security log",
          "description": "Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log."
        },
        "defaultValue": "Administrators"
      },
      "UsersOrGroupsThatMayBackUpFilesAndDirectories": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may back up files and directories",
          "description": "Specifies users and groups allowed to circumvent file and directory permissions to back up the system."
        },
        "defaultValue": "Administrators, Backup Operators"
      },
      "UsersOrGroupsThatMayChangeTheSystemTime": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may change the system time",
          "description": "Specifies which users and groups are permitted to change the time and date on the internal clock of the computer."
        },
        "defaultValue": "Administrators, LOCAL SERVICE"
      },
      "UsersOrGroupsThatMayChangeTheTimeZone": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may change the time zone",
          "description": "Specifies which users and groups are permitted to change the time zone of the computer."
        },
        "defaultValue": "Administrators, LOCAL SERVICE"
      },
      "UsersOrGroupsThatMayCreateATokenObject": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may create a token object",
          "description": "Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data."
        },
        "defaultValue": "No One"
      },
      "UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that are denied logging on as a batch job",
          "description": "Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. scheduled task)."
        },
        "defaultValue": "Guests"
      },
      "UsersAndGroupsThatAreDeniedLoggingOnAsAService": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that are denied logging on as a service",
          "description": "Specifies which service accounts are explicitly not permitted to register a process as a service."
        },
        "defaultValue": "Guests"
      },
      "UsersAndGroupsThatAreDeniedLocalLogon": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that are denied local logon",
          "description": "Specifies which users and groups are explicitly not permitted to log on to the computer."
        },
        "defaultValue": "Guests"
      },
      "UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that are denied log on through Remote Desktop Services",
          "description": "Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client."
        },
        "defaultValue": "Guests"
      },
      "UserAndGroupsThatMayForceShutdownFromARemoteSystem": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: User and groups that may force shutdown from a remote system",
          "description": "Specifies which users and groups are permitted to shut down the computer from a remote location on the network."
        },
        "defaultValue": "Administrators"
      },
      "UsersAndGroupsThatMayRestoreFilesAndDirectories": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that may restore files and directories",
          "description": "Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories."
        },
        "defaultValue": "Administrators, Backup Operators"
      },
      "UsersAndGroupsThatMayShutDownTheSystem": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users and groups that may shut down the system",
          "description": "Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command."
        },
        "defaultValue": "Administrators"
      },
      "UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Users or groups that may take ownership of files or other objects",
          "description": "Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user."
        },
        "defaultValue": "Administrators"
      },
      "SendFileSamplesWhenFurtherAnalysisIsRequired": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Send file samples when further analysis is required",
          "description": "Specifies whether and how Windows Defender will submit samples of suspected malware  to Microsoft for further analysis when opt-in for MAPS telemetry is set."
        },
        "defaultValue": "1"
      },
      "AllowIndexingOfEncryptedFiles": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Allow indexing of encrypted files",
          "description": "Specifies whether encrypted items are allowed to be indexed."
        },
        "defaultValue": "0"
      },
      "AllowTelemetry": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Allow Telemetry",
          "description": "Specifies configuration of the amount of diagnostic and usage data reported to Microsoft. The data is transmitted securely and sensitive data is not sent."
        },
        "defaultValue": "2"
      },
      "AllowUnencryptedTraffic": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Allow unencrypted traffic",
          "description": "Specifies whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network."
        },
        "defaultValue": "0"
      },
      "AlwaysInstallWithElevatedPrivileges": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Always install with elevated privileges",
          "description": "Specifies whether Windows Installer should use system permissions when it installs any program on the system."
        },
        "defaultValue": "0"
      },
      "AlwaysPromptForPasswordUponConnection": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Always prompt for password upon connection",
          "description": "Specifies whether Terminal Services/Remote Desktop Connection always prompts the client computer for a password upon connection."
        },
        "defaultValue": "1"
      },
      "ApplicationSpecifyTheMaximumLogFileSizeKB": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Application: Specify the maximum log file size (KB)",
          "description": "Specifies the maximum size for the Application event log in kilobytes."
        },
        "defaultValue": "32768"
      },
      "AutomaticallySendMemoryDumpsForOSgeneratedErrorReports": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Automatically send memory dumps for OS-generated error reports",
          "description": "Specifies if memory dumps in support of OS-generated error reports can be sent to Microsoft automatically."
        },
        "defaultValue": "1"
      },
      "ConfigureDefaultConsent": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Configure Default consent",
          "description": "Specifies setting of the default consent handling for error reports sent to Microsoft."
        },
        "defaultValue": "4"
      },
      "ConfigureWindowsSmartScreen": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Configure Windows SmartScreen",
          "description": "Specifies how to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled."
        },
        "defaultValue": "1"
      },
      "DisallowDigestAuthentication": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Disallow Digest authentication",
          "description": "Specifies whether the Windows Remote Management (WinRM) client will not use Digest authentication."
        },
        "defaultValue": "0"
      },
      "DisallowWinRMFromStoringRunAsCredentials": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Disallow WinRM from storing RunAs credentials",
          "description": "Specifies whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins."
        },
        "defaultValue": "1"
      },
      "DoNotAllowPasswordsToBeSaved": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Do not allow passwords to be saved",
          "description": "Specifies whether to prevent Remote Desktop Services - Terminal Services clients from saving passwords on a computer."
        },
        "defaultValue": "1"
      },
      "SecuritySpecifyTheMaximumLogFileSizeKB": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Security: Specify the maximum log file size (KB)",
          "description": "Specifies the maximum size for the Security event log in kilobytes."
        },
        "defaultValue": "196608"
      },
      "SetClientConnectionEncryptionLevel": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Set client connection encryption level",
          "description": "Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption."
        },
        "defaultValue": "3"
      },
      "SetTheDefaultBehaviorForAutoRun": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Set the default behavior for AutoRun",
          "description": "Specifies the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines."
        },
        "defaultValue": "1"
      },
      "SetupSpecifyTheMaximumLogFileSizeKB": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Setup: Specify the maximum log file size (KB)",
          "description": "Specifies the maximum size for the Setup event log in kilobytes."
        },
        "defaultValue": "32768"
      },
      "SystemSpecifyTheMaximumLogFileSizeKB": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: System: Specify the maximum log file size (KB)",
          "description": "Specifies the maximum size for the System event log in kilobytes."
        },
        "defaultValue": "32768"
      },
      "TurnOffDataExecutionPreventionForExplorer": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Turn off Data Execution Prevention for Explorer",
          "description": "Specifies whether to turn off Data Execution Prevention for Windows File Explorer. Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer."
        },
        "defaultValue": "0"
      },
      "SpecifyTheIntervalToCheckForDefinitionUpdates": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Specify the interval to check for definition updates",
          "description": "Specifies an interval at which to check for Windows Defender definition updates. The time value is represented as the number of hours between update checks."
        },
        "defaultValue": "8"
      },
      "WindowsFirewallDomainUseProfileSettings": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Domain): Use profile settings",
          "description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallDomainBehaviorForOutboundConnections": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Domain): Behavior for outbound connections",
          "description": "Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
        },
        "defaultValue": "0"
      },
      "WindowsFirewallDomainApplyLocalConnectionSecurityRules": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Domain): Apply local connection security rules",
          "description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallDomainApplyLocalFirewallRules": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Domain): Apply local firewall rules",
          "description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallDomainDisplayNotifications": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Domain): Display notifications",
          "description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPrivateUseProfileSettings": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Private): Use profile settings",
          "description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPrivateBehaviorForOutboundConnections": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Private): Behavior for outbound connections",
          "description": "Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
        },
        "defaultValue": "0"
      },
      "WindowsFirewallPrivateApplyLocalConnectionSecurityRules": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Private): Apply local connection security rules",
          "description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPrivateApplyLocalFirewallRules": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Private): Apply local firewall rules",
          "description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPrivateDisplayNotifications": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Private): Display notifications",
          "description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPublicUseProfileSettings": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Public): Use profile settings",
          "description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPublicBehaviorForOutboundConnections": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Public): Behavior for outbound connections",
          "description": "Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
        },
        "defaultValue": "0"
      },
      "WindowsFirewallPublicApplyLocalConnectionSecurityRules": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Public): Apply local connection security rules",
          "description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPublicApplyLocalFirewallRules": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Public): Apply local firewall rules",
          "description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallPublicDisplayNotifications": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall (Public): Display notifications",
          "description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile."
        },
        "defaultValue": "1"
      },
      "WindowsFirewallDomainAllowUnicastResponse": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall: Domain: Allow unicast response",
          "description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile."
        },
        "defaultValue": "0"
      },
      "WindowsFirewallPrivateAllowUnicastResponse": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall: Private: Allow unicast response",
          "description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile."
        },
        "defaultValue": "0"
      },
      "WindowsFirewallPublicAllowUnicastResponse": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Windows Firewall: Public: Allow unicast response",
          "description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."
        },
        "defaultValue": "1"
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_AdministrativeTemplatesControlPanel",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ec7ac234-2af5-4729-94d2-c557c071799d"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_AdministrativeTemplatesNetwork",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/985285b7-b97a-419c-8d48-c88cc934c8d8",
        "parameters": {
          "EnableInsecureGuestLogons": {
            "value": "[parameters('EnableInsecureGuestLogons')]"
          },
          "AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain": {
            "value": "[parameters('AllowSimultaneousConnectionsToTheInternetOrAWindowsDomain')]"
          },
          "TurnOffMulticastNameResolution": {
            "value": "[parameters('TurnOffMulticastNameResolution')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_AdministrativeTemplatesSystem",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/40917425-69db-4018-8dae-2a0556cef899",
        "parameters": {
          "AlwaysUseClassicLogon": {
            "value": "[parameters('AlwaysUseClassicLogon')]"
          },
          "BootStartDriverInitializationPolicy": {
            "value": "[parameters('BootStartDriverInitializationPolicy')]"
          },
          "EnableWindowsNTPClient": {
            "value": "[parameters('EnableWindowsNTPClient')]"
          },
          "TurnOnConveniencePINSignin": {
            "value": "[parameters('TurnOnConveniencePINSignin')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_AdminstrativeTemplatesMSSLegacy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f1f4825d-58fb-4257-8016-8c00e3c9ed9d"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsAccounts",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e5b81f87-9185-4224-bf00-9f505e9f89f3",
        "parameters": {
          "AccountsGuestAccountStatus": {
            "value": "[parameters('AccountsGuestAccountStatus')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsAudit",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/498b810c-59cd-4222-9338-352ba146ccf3",
        "parameters": {
          "AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits": {
            "value": "[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsDevices",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6481cc21-ed6e-4480-99dd-ea7c5222e897",
        "parameters": {
          "DevicesAllowedToFormatAndEjectRemovableMedia": {
            "value": "[parameters('DevicesAllowedToFormatAndEjectRemovableMedia')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsInteractiveLogon",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3750712b-43d0-478e-9966-d2c26f6141b9"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkClient",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bbcdd8fa-b600-4ee3-85b8-d184e3339652",
        "parameters": {
          "MicrosoftNetworkClientDigitallySignCommunicationsAlways": {
            "value": "[parameters('MicrosoftNetworkClientDigitallySignCommunicationsAlways')]"
          },
          "MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers": {
            "value": "[parameters('MicrosoftNetworkClientSendUnencryptedPasswordToThirdpartySMBServers')]"
          },
          "MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession": {
            "value": "[parameters('MicrosoftNetworkServerAmountOfIdleTimeRequiredBeforeSuspendingSession')]"
          },
          "MicrosoftNetworkServerDigitallySignCommunicationsAlways": {
            "value": "[parameters('MicrosoftNetworkServerDigitallySignCommunicationsAlways')]"
          },
          "MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire": {
            "value": "[parameters('MicrosoftNetworkServerDisconnectClientsWhenLogonHoursExpire')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsMicrosoftNetworkServer",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86880e5c-df35-43c5-95ad-7e120635775e"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsNetworkAccess",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f56a3ab2-89d1-44de-ac0d-2ada5962e22a",
        "parameters": {
          "NetworkAccessRemotelyAccessibleRegistryPaths": {
            "value": "[parameters('NetworkAccessRemotelyAccessibleRegistryPaths')]"
          },
          "NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths": {
            "value": "[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths')]"
          },
          "NetworkAccessSharesThatCanBeAccessedAnonymously": {
            "value": "[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsNetworkSecurity",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/36e17963-7202-494a-80c3-f508211c826b",
        "parameters": {
          "NetworkSecurityConfigureEncryptionTypesAllowedForKerberos": {
            "value": "[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos')]"
          },
          "NetworkSecurityLANManagerAuthenticationLevel": {
            "value": "[parameters('NetworkSecurityLANManagerAuthenticationLevel')]"
          },
          "NetworkSecurityLDAPClientSigningRequirements": {
            "value": "[parameters('NetworkSecurityLDAPClientSigningRequirements')]"
          },
          "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients": {
            "value": "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients')]"
          },
          "NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers": {
            "value": "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsRecoveryconsole",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b",
        "parameters": {
          "RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders": {
            "value": "[parameters('RecoveryConsoleAllowFloppyCopyAndAccessToAllDrivesAndAllFolders')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsShutdown",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f8c20ce-3414-4496-8b26-0e902a1541da",
        "parameters": {
          "ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn": {
            "value": "[parameters('ShutdownAllowSystemToBeShutDownWithoutHavingToLogOn')]"
          },
          "ShutdownClearVirtualMemoryPagefile": {
            "value": "[parameters('ShutdownClearVirtualMemoryPagefile')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsSystemobjects",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12ae2d24-3805-4b37-9fa9-465968bfbcfa"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsSystemsettings",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437a1f8f-8552-47a8-8b12-a2fee3269dd5",
        "parameters": {
          "SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies": {
            "value": "[parameters('SystemSettingsUseCertificateRulesOnWindowsExecutablesForSoftwareRestrictionPolicies')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecurityOptionsUserAccountControl",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e425e402-a050-45e5-b010-bd3f934589fc",
        "parameters": {
          "UACAdminApprovalModeForTheBuiltinAdministratorAccount": {
          "value": "[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount')]"
          },
          "UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode": {
          "value": "[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode')]"
          },
          "UACDetectApplicationInstallationsAndPromptForElevation": {
          "value": "[parameters('UACDetectApplicationInstallationsAndPromptForElevation')]"
          },
          "UACRunAllAdministratorsInAdminApprovalMode": {
          "value": "[parameters('UACRunAllAdministratorsInAdminApprovalMode')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SecuritySettingsAccountPolicies",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3d95ab7-f47a-49d8-a347-784177b6c94c",
        "parameters": {
          "EnforcePasswordHistory": {
          "value": "[parameters('EnforcePasswordHistory')]"
          },
          "MaximumPasswordAge": {
          "value": "[parameters('MaximumPasswordAge')]"
          },
          "MinimumPasswordAge": {
          "value": "[parameters('MinimumPasswordAge')]"
          },
          "MinimumPasswordLength": {
          "value": "[parameters('MinimumPasswordLength')]"
          },
          "PasswordMustMeetComplexityRequirements": {
          "value": "[parameters('PasswordMustMeetComplexityRequirements')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesAccountLogon",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1e289c0-ffad-475d-a924-adc058765d65",
        "parameters": {
          "AuditCredentialValidation": {
          "value": "[parameters('AuditCredentialValidation')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesAccountManagement",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a9991e6-21be-49f9-8916-a06d934bcf29"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesDetailedTracking",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/42a07bbf-ffcf-459a-b4b1-30ecd118a505",
        "parameters": {
          "AuditProcessTermination": {
          "value": "[parameters('AuditProcessTermination')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesLogonLogoff",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c04255ee-1b9f-42c1-abaa-bf1553f79930",
        "parameters": {
          "AuditGroupMembership": {
          "value": "[parameters('AuditGroupMembership')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesObjectAccess",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e170edb-e0f5-497a-bb36-48b3280cec6a",
        "parameters": {
          "AuditDetailedFileShare": {
          "value": "[parameters('AuditDetailedFileShare')]"
          },
          "AuditFileShare": {
          "value": "[parameters('AuditFileShare')]"
          },
          "AuditFileSystem": {
          "value": "[parameters('AuditFileSystem')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesPolicyChange",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97b595c8-fd10-400e-8543-28e2b9138b13",
        "parameters": {
          "AuditAuthenticationPolicyChange": {
          "value": "[parameters('AuditAuthenticationPolicyChange')]"
          },
          "AuditAuthorizationPolicyChange": {
          "value": "[parameters('AuditAuthorizationPolicyChange')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesPrivilegeUse",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ce2370f6-0ac5-4d85-8ab4-10721cc640b0"
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_SystemAuditPoliciesSystem",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8b0158d-4766-490f-bea0-259e52dba473",
        "parameters": {
          "AuditOtherSystemEvents": {
          "value": "[parameters('AuditOtherSystemEvents')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_UserRightsAssignment",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/815dcc9f-6662-43f2-9a03-1b83e9876f24",
        "parameters": {
          "UsersOrGroupsThatMayAccessThisComputerFromTheNetwork": {
          "value": "[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork')]"
          },
          "UsersOrGroupsThatMayLogOnLocally": {
          "value": "[parameters('UsersOrGroupsThatMayLogOnLocally')]"
          },
          "UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices": {
          "value": "[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices')]"
          },
          "UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork')]"
          },
          "UsersOrGroupsThatMayManageAuditingAndSecurityLog": {
          "value": "[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog')]"
          },
          "UsersOrGroupsThatMayBackUpFilesAndDirectories": {
          "value": "[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories')]"
          },
          "UsersOrGroupsThatMayChangeTheSystemTime": {
          "value": "[parameters('UsersOrGroupsThatMayChangeTheSystemTime')]"
          },
          "UsersOrGroupsThatMayChangeTheTimeZone": {
          "value": "[parameters('UsersOrGroupsThatMayChangeTheTimeZone')]"
          },
          "UsersOrGroupsThatMayCreateATokenObject": {
          "value": "[parameters('UsersOrGroupsThatMayCreateATokenObject')]"
          },
          "UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob')]"
          },
          "UsersAndGroupsThatAreDeniedLoggingOnAsAService": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService')]"
          },
          "UsersAndGroupsThatAreDeniedLocalLogon": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLocalLogon')]"
          },
          "UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices": {
          "value": "[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices')]"
          },
          "UserAndGroupsThatMayForceShutdownFromARemoteSystem": {
          "value": "[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem')]"
          },
          "UsersAndGroupsThatMayRestoreFilesAndDirectories": {
          "value": "[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories')]"
          },
          "UsersAndGroupsThatMayShutDownTheSystem": {
          "value": "[parameters('UsersAndGroupsThatMayShutDownTheSystem')]"
          },
          "UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects": {
          "value": "[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_WindowsComponents",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7040a231-fb65-4412-8c0a-b365f4866c24",
        "parameters": {
          "SendFileSamplesWhenFurtherAnalysisIsRequired": {
          "value": "[parameters('SendFileSamplesWhenFurtherAnalysisIsRequired')]"
          },
          "AllowIndexingOfEncryptedFiles": {
          "value": "[parameters('AllowIndexingOfEncryptedFiles')]"
          },
          "AllowTelemetry": {
          "value": "[parameters('AllowTelemetry')]"
          },
          "AllowUnencryptedTraffic": {
          "value": "[parameters('AllowUnencryptedTraffic')]"
          },
          "AlwaysInstallWithElevatedPrivileges": {
          "value": "[parameters('AlwaysInstallWithElevatedPrivileges')]"
          },
          "AlwaysPromptForPasswordUponConnection": {
          "value": "[parameters('AlwaysPromptForPasswordUponConnection')]"
          },
          "ApplicationSpecifyTheMaximumLogFileSizeKB": {
          "value": "[parameters('ApplicationSpecifyTheMaximumLogFileSizeKB')]"
          },
          "AutomaticallySendMemoryDumpsForOSgeneratedErrorReports": {
          "value": "[parameters('AutomaticallySendMemoryDumpsForOSgeneratedErrorReports')]"
          },
          "ConfigureDefaultConsent": {
          "value": "[parameters('ConfigureDefaultConsent')]"
          },
          "ConfigureWindowsSmartScreen": {
          "value": "[parameters('ConfigureWindowsSmartScreen')]"
          },
          "DisallowDigestAuthentication": {
          "value": "[parameters('DisallowDigestAuthentication')]"
          },
          "DisallowWinRMFromStoringRunAsCredentials": {
          "value": "[parameters('DisallowWinRMFromStoringRunAsCredentials')]"
          },
          "DoNotAllowPasswordsToBeSaved": {
          "value": "[parameters('DoNotAllowPasswordsToBeSaved')]"
          },
          "SecuritySpecifyTheMaximumLogFileSizeKB": {
          "value": "[parameters('SecuritySpecifyTheMaximumLogFileSizeKB')]"
          },
          "SetClientConnectionEncryptionLevel": {
          "value": "[parameters('SetClientConnectionEncryptionLevel')]"
          },
          "SetTheDefaultBehaviorForAutoRun": {
          "value": "[parameters('SetTheDefaultBehaviorForAutoRun')]"
          },
          "SetupSpecifyTheMaximumLogFileSizeKB": {
          "value": "[parameters('SetupSpecifyTheMaximumLogFileSizeKB')]"
          },
          "SystemSpecifyTheMaximumLogFileSizeKB": {
          "value": "[parameters('SystemSpecifyTheMaximumLogFileSizeKB')]"
          },
          "TurnOffDataExecutionPreventionForExplorer": {
          "value": "[parameters('TurnOffDataExecutionPreventionForExplorer')]"
          },
          "SpecifyTheIntervalToCheckForDefinitionUpdates": {
          "value": "[parameters('SpecifyTheIntervalToCheckForDefinitionUpdates')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Deploy_AzureBaseline_WindowsFirewallProperties",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/909c958d-1b99-4c74-b88f-46a5c5bc34f9",
        "parameters": {
          "WindowsFirewallDomainUseProfileSettings": {
          "value": "[parameters('WindowsFirewallDomainUseProfileSettings')]"
          },
          "WindowsFirewallDomainBehaviorForOutboundConnections": {
          "value": "[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]"
          },
          "WindowsFirewallDomainApplyLocalConnectionSecurityRules": {
          "value": "[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]"
          },
          "WindowsFirewallDomainApplyLocalFirewallRules": {
          "value": "[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]"
          },
          "WindowsFirewallDomainDisplayNotifications": {
          "value": "[parameters('WindowsFirewallDomainDisplayNotifications')]"
          },
          "WindowsFirewallPrivateUseProfileSettings": {
          "value": "[parameters('WindowsFirewallPrivateUseProfileSettings')]"
          },
          "WindowsFirewallPrivateBehaviorForOutboundConnections": {
          "value": "[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]"
          },
          "WindowsFirewallPrivateApplyLocalConnectionSecurityRules": {
          "value": "[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]"
          },
          "WindowsFirewallPrivateApplyLocalFirewallRules": {
          "value": "[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]"
          },
          "WindowsFirewallPrivateDisplayNotifications": {
          "value": "[parameters('WindowsFirewallPrivateDisplayNotifications')]"
          },
          "WindowsFirewallPublicUseProfileSettings": {
          "value": "[parameters('WindowsFirewallPublicUseProfileSettings')]"
          },
          "WindowsFirewallPublicBehaviorForOutboundConnections": {
          "value": "[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]"
          },
          "WindowsFirewallPublicApplyLocalConnectionSecurityRules": {
          "value": "[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]"
          },
          "WindowsFirewallPublicApplyLocalFirewallRules": {
          "value": "[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]"
          },
          "WindowsFirewallPublicDisplayNotifications": {
          "value": "[parameters('WindowsFirewallPublicDisplayNotifications')]"
          },
          "WindowsFirewallDomainAllowUnicastResponse": {
          "value": "[parameters('WindowsFirewallDomainAllowUnicastResponse')]"
          },
          "WindowsFirewallPrivateAllowUnicastResponse": {
          "value": "[parameters('WindowsFirewallPrivateAllowUnicastResponse')]"
          },
          "WindowsFirewallPublicAllowUnicastResponse": {
          "value": "[parameters('WindowsFirewallPublicAllowUnicastResponse')]"
          }
        }
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_AdministrativeTemplatesControlPanel",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87b590fe-4a1d-4697-ae74-d4fe72ab786c"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_AdministrativeTemplatesNetwork",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7229bd6a-693d-478a-87f0-1dc1af06f3b8"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_AdministrativeTemplatesSystem",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1e8dda3-9fd2-4835-aec3-0e55531fde33"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_AdminstrativeTemplatesMSSLegacy",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97646672-5efa-4622-9b54-740270ad60bf"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsAccounts",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b872a447-cc6f-43b9-bccf-45703cd81607"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsAudit",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21e2995e-683e-497a-9e81-2f42ad07050a"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsDevices",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d7b154e-2700-4c8c-9e46-cb65ac1578c2"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsInteractiveLogon",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c8abcef9-fc26-482f-b8db-5fa60ee4586d"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkClient",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fcbc55c9-f25a-4e55-a6cb-33acb3be778b"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsMicrosoftNetworkServer",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6fe4ef56-7576-4dc4-8e9c-26bad4b087ce"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsNetworkAccess",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30040dab-4e75-4456-8273-14b8f75d91d9"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsNetworkSecurity",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c028d2a-1889-45f6-b821-31f42711ced8"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsRecoveryconsole",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ba12366f-f9a6-42b8-9d98-157d0b1a837b"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsShutdown",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3a77a94-cf41-4ee8-b45c-98be28841c03"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsSystemobjects",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/620e58b5-ac75-49b4-993f-a9d4f0459636"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsSystemsettings",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8a39d1f1-5513-4628-b261-f469a5a3341b"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecurityOptionsUserAccountControl",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/29829ec2-489d-4925-81b7-bda06b1718e0"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SecuritySettingsAccountPolicies",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ddb53c61-9db4-41d4-a953-2abff5b66c12"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesAccountLogon",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bc87d811-4a9b-47cc-ae54-0a41abda7768"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesAccountManagement",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/225e937e-d32e-4713-ab74-13ce95b3519a"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesDetailedTracking",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a9a33475-481d-4b81-9116-0bf02ffe67e8"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesLogonLogoff",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b3802d79-dd88-4bce-b81d-780218e48280"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesObjectAccess",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60aeaf73-a074-417a-905f-7ce9df0ff77b"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesPolicyChange",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dd4680ed-0559-4a6a-ad10-081d14cbb484"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesPrivilegeUse",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f4e96d1-e4f3-4dbb-b767-33ca4df8df7c"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_SystemAuditPoliciesSystem",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7066131b-61a6-4917-a7e4-72e8983f0aa6"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_UserRightsAssignment",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c961dac9-5916-42e8-8fb1-703148323994"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_WindowsComponents",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9178b430-2295-406e-bb28-f6a7a2a2f897"
      },
      {
        "policyDefinitionReferenceId": "Audit_AzureBaseline_WindowsFirewallProperties",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8bbd627e-4d25-4906-9a6e-3789780af3ec"
      }
    ]
  },
  "id": "/providers/Microsoft.Authorization/policySetDefinitions/d618d658-b2d0-410e-9e2e-bfbfd04d09fa",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "d618d658-b2d0-410e-9e2e-bfbfd04d09fa"
}