| Policy DisplayName |
Policy Id |
Category |
Version |
Versioning |
Effect |
Roles# |
Roles |
State |
policy in AzUSGov |
| [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed |
8dfab9c4-fe7b-49ad-85e4-1e9be085358f |
Kubernetes |
6.0.0-preview |
1x
6.0.0-preview |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
Preview |
true |
| A vulnerability assessment solution should be enabled on your virtual machines |
501541f7-f7e7-4cd6-868c-4190fdad3ac9 |
Security Center |
3.0.0 |
1x
3.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Azure Defender for Azure SQL Database servers should be enabled |
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 |
Security Center |
1.0.2 |
1x
1.0.2 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Azure Defender for Key Vault should be enabled |
0e6763cc-5078-4e64-889d-ff4d9a839047 |
Security Center |
1.0.3 |
1x
1.0.3 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Azure Defender for open-source relational databases should be enabled |
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Azure Defender for Resource Manager should be enabled |
c3d20c29-b36d-48fe-808b-99a87530ad99 |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Azure Defender for servers should be enabled |
4da35fc9-c9e7-4960-aec9-797fe7d9051d |
Security Center |
1.0.3 |
1x
1.0.3 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Azure Defender for SQL servers on machines should be enabled |
6581d072-105e-4418-827f-bd446d56421b |
Security Center |
1.0.2 |
1x
1.0.2 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers |
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 |
SQL |
2.0.1 |
1x
2.0.1 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Azure Defender for SQL should be enabled for unprotected MySQL flexible servers |
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers |
d38668f5-d155-42c7-ab3d-9b57b50f8fbf |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Microsoft Defender CSPM should be enabled |
1f90fc71-a595-4066-8974-d4d0802e8ef0 |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Microsoft Defender for APIs should be enabled |
7926a6d1-b268-4586-8197-e8ae90c877d7 |
Security Center |
1.0.3 |
1x
1.0.3 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Microsoft Defender for Azure Cosmos DB should be enabled |
adbe85b5-83e6-4350-ab58-bf3a4f736e5e |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
unknown |
| Microsoft Defender for Containers should be enabled |
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces |
d31e5c31-63b2-4f12-887b-e49456834fa1 |
Security Center |
1.0.0 |
1x
1.0.0 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |
| Security Center standard pricing tier should be selected |
a1181c5f-672a-477a-979a-7d58aa086233 |
Security Center |
1.1.0 |
1x
1.1.0 |
Default
Audit
Allowed
Audit, Disabled |
0 |
|
GA |
true |
| Subscriptions should have a contact email address for security issues |
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 |
Security Center |
1.0.1 |
1x
1.0.1 |
Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled |
0 |
|
GA |
true |