last sync: 2025-Mar-14 18:30:04 UTC

All Azure Policy Initiatives

BuiltIn 19 categories
ALZ 34 categories
AMBA 1 category
Category | Id | DisplayName | Description | Last changed | Policies | State | Version | Versioning | CloudEnv | AzUSGov version | Compliance | Type
API Management Enforce-Guardrails-APIM Enforce recommended guardrails for API Management This policy initiative is a group of policies that ensures API Management is compliant per regulated Landing Zones. n/a Builtin Policies 10/11
Static Policies 0/11
ALZ Policies 1/11
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
App Service Enforce-Guardrails-AppServices Enforce recommended guardrails for App Service This policy initiative is a group of policies that ensures App Service is compliant per regulated Landing Zones. n/a Builtin Policies 18/19
Static Policies 0/19
ALZ Policies 1/19
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Automanage c138fd1a-e08f-4318-9490-d11ef2c2f9c1 [Preview]: Audit configuration against Automanage Best Practices Automanage Machine Best Practices ensures that managed resources are set up in accordance with the desired state as defined in the assigned Configuration Profile. 2023-03-02 Builtin Policies 6/6
Static Policies 0/6
Preview 1.0.1-preview 1.0.1-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
true BuiltIn
Automation Enforce-Guardrails-Automation Enforce recommended guardrails for Automation Account This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones. n/a Builtin Policies 6/6
Static Policies 0/6
ALZ Policies 0/6
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Azure Data Explorer Enforce-Guardrails-DataExplorer Enforce recommended guardrails for Data Explorer This policy initiative is a group of policies that ensures Data Explorer is compliant per regulated Landing Zones. n/a Builtin Policies 4/4
Static Policies 0/4
ALZ Policies 0/4
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Backup Enforce-Backup Enforce enhanced recovery and backup policies Enforce enhanced recovery and backup policies on assigned scopes. n/a Builtin Policies 6/6
Static Policies 0/6
ALZ Policies 0/6
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Bot Service Enforce-Guardrails-BotService Enforce recommended guardrails for Bot Service This policy initiative is a group of policies that ensures Bot Service is compliant per regulated Landing Zones. n/a Builtin Policies 4/4
Static Policies 0/4
ALZ Policies 0/4
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
ChangeTrackingAndInventory c4a70814-96be-461c-889f-2b27429120dc [Preview]: Enable ChangeTracking and Inventory for virtual machine scale sets Enable ChangeTracking and Inventory for virtual machine scale sets. Takes Data Collection Rule ID as parameter and asks for an option to input applicable locations and user-assigned identity for Azure Monitor Agent. 2024-05-22 Builtin Policies 7/7
Static Policies 0/7
Preview 1.1.0-preview 1.0.0-preview
1.1.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
ChangeTrackingAndInventory 53448c70-089b-4f52-8f38-89196d7f2de1 Enable ChangeTracking and Inventory for Arc-enabled virtual machines Enable ChangeTracking and Inventory for Arc-enabled virtual machines. Takes Data Collection Rule ID as parameter and asks for an option to input applicable locations. 2025-01-23 Builtin Policies 6/6
Static Policies 0/6
GA 1.1.0 1.0.0-preview
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
ChangeTrackingAndInventory 92a36f05-ebc9-4bba-9128-b47ad2ea3354 Enable ChangeTracking and Inventory for virtual machines Enable ChangeTracking and Inventory for virtual machines. Takes Data Collection Rule ID as parameter and asks for an option to input applicable locations and user-assigned identity for Azure Monitor Agent. 2025-01-23 Builtin Policies 7/7
Static Policies 0/7
GA 1.2.0 1.0.0-preview
1.1.0-preview
1.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Cognitive Services Enforce-Guardrails-CognitiveServices Enforce recommended guardrails for Cognitive Services This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones. n/a Builtin Policies 9/9
Static Policies 0/9
ALZ Policies 0/9
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Cognitive Services Enforce-Guardrails-OpenAI Enforce recommended guardrails for Open AI (Cognitive Service) This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones. n/a Builtin Policies 9/11
Static Policies 0/11
ALZ Policies 2/11
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Compute Enforce-Guardrails-Compute Enforce recommended guardrails for Compute This policy initiative is a group of policies that ensures Compute is compliant per regulated Landing Zones. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Container Apps Enforce-Guardrails-ContainerApps Enforce recommended guardrails for Container Apps This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Container Instances Enforce-Guardrails-ContainerInstance Enforce recommended guardrails for Container Instance This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones. n/a Builtin Policies 1/1
Static Policies 0/1
ALZ Policies 0/1
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Container Registry Enforce-Guardrails-ContainerRegistry Enforce recommended guardrails for Container Registry This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones. n/a Builtin Policies 12/12
Static Policies 0/12
ALZ Policies 0/12
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Cosmos DB cb5e1e90-7c33-491c-a15b-24885c915752 Enable Azure Cosmos DB throughput policy Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider. 2020-05-29 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Cosmos DB Enforce-Guardrails-CosmosDb Enforce recommended guardrails for Cosmos DB This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones. n/a Builtin Policies 6/6
Static Policies 0/6
ALZ Policies 0/6
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Cost Optimization Audit-UnusedResourcesCostOptimization Unused resources driving cost should be avoided Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost. n/a Builtin Policies 0/4
Static Policies 0/4
ALZ Policies 4/4
GA 2.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Data Factory Enforce-Guardrails-DataFactory Enforce recommended guardrails for Data Factory This policy initiative is a group of policies that ensures Data Factory is compliant per regulated Landing Zones. n/a Builtin Policies 5/5
Static Policies 0/5
ALZ Policies 0/5
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Decommissioned Enforce-ALZ-Decomm Enforce policies in the Decommissioned Landing Zone Enforce policies in the Decommissioned Landing Zone. n/a Builtin Policies 1/2
Static Policies 0/2
ALZ Policies 1/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Desktop Virtualization Enforce-Guardrails-VirtualDesktop Enforce recommended guardrails for Virtual Desktop This policy initiative is a group of policies that ensures Virtual Desktop is compliant per regulated Landing Zones. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Encryption Enforce-Encryption-CMK [Deprecated]: Deny or Audit resources without Encryption with a customer-managed key (CMK) Deny or Audit resources without Encryption with a customer-managed key (CMK). Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Encryption-CMK_20250218.html n/a Builtin Policies 29/30
Static Policies 0/30
ALZ Policies 1/30
Deprecated 3.2.0-deprecated n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
false ALZ
Encryption Enforce-EncryptTransit [Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20240509.html n/a Builtin Policies 4/22
Static Policies 0/22
ALZ Policies 18/22
Deprecated 2.1.0-deprecated n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Encryption Enforce-EncryptTransit_20240509 [Deprecated]: Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny policies shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_20241211.html n/a Builtin Policies 17/37
Static Policies 0/37
ALZ Policies 20/37
Deprecated 1.0.0-deprecated n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Encryption Enforce-Encryption-CMK_20250218 Deny or Audit resources without Encryption with a customer-managed key (CMK) Deny or Audit resources without Encryption with a customer-managed key (CMK) n/a Builtin Policies 29/30
Static Policies 0/30
ALZ Policies 1/30
GA 1.0.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
false ALZ
Encryption Enforce-EncryptTransit_20241211 Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny policies shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. n/a Builtin Policies 17/37
Static Policies 0/37
ALZ Policies 20/37
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Event Grid Enforce-Guardrails-EventGrid Enforce recommended guardrails for Event Grid This policy initiative is a group of policies that ensures Event Grid is compliant per regulated Landing Zones. n/a Builtin Policies 8/8
Static Policies 0/8
ALZ Policies 0/8
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Event Hub Enforce-Guardrails-EventHub Enforce recommended guardrails for Event Hub This policy initiative is a group of policies that ensures Event Hub is compliant per regulated Landing Zones. n/a Builtin Policies 4/4
Static Policies 0/4
ALZ Policies 0/4
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
General 0a2ebd47-3fb9-4735-a006-b7f31ddadd9f Allow Usage Cost Resources Allow resources to be deployed except MCPP, M365. 2023-08-09 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Guest Configuration c937dcb4-4398-4b39-8d63-4a6be432252e [Deprecated]: Audit Linux VMs that do not have the specified applications installed This initiative deploys the policy requirements and audits Linux virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.1.0-deprecated 1.1.0 (1.1.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0-deprecated
parity:true
false BuiltIn
Guest Configuration f48bcc78-5400-4fb0-b913-5140a2e5fa20 [Deprecated]: Audit Linux VMs that have the specified applications installed This initiative deploys the policy requirements and audits Linux virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.1.0-deprecated 1.1.0 (1.1.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0-deprecated
parity:true
false BuiltIn
Guest Configuration 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6 [Deprecated]: Audit VMs with insecure password security settings This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 18/18
Static Policies 0/18
Deprecated 1.1.1-deprecated 1.1.1 (1.1.1-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0-deprecated
parity:false
false BuiltIn
Guest Configuration acb6cd8e-45f5-466f-b3cb-ff6fce525f71 [Deprecated]: Audit Windows Server VMs on which Windows Serial Console is not enabled This initiative deploys the policy requirements and audits Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration add1999e-a61c-46d3-b8c3-f35fb8398175 [Deprecated]: Audit Windows VMs in which the Administrators group contains any of the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 133046de-0bd7-4546-93f4-f452e9e258b7 [Deprecated]: Audit Windows VMs in which the Administrators group does not contain all of the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 06122b01-688c-42a8-af2e-fa97dd39aa3b [Deprecated]: Audit Windows VMs in which the Administrators group does not contain only the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration c58599d5-0d51-454f-aaf1-da18a5e76edd [Deprecated]: Audit Windows VMs on which the DSC configuration is not compliant This initiative deploys the policy requirements and audits Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 06c5e415-a662-463a-bb85-ede14286b979 [Deprecated]: Audit Windows VMs on which the Log Analytics agent is not connected as expected This initiative deploys the policy requirements and audits Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 4ddaefff-7c78-4824-9b27-5c344f3cdf90 [Deprecated]: Audit Windows VMs on which the remote host connection status does not match the specified one This initiative deploys the policy requirements and audits Windows virtual machines on which the remote host connection status does not match the specified one. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 8eeec860-e2fa-4f89-a669-84942c57225f [Deprecated]: Audit Windows VMs on which the specified services are not installed and 'Running' This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 9d2fd8e6-95c8-410d-add0-43ada4241574 [Deprecated]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled This initiative deploys the policy requirements and audits Windows virtual machines on which Windows Defender Exploit Guard is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-04-22 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 6b3c1e80-8ae5-405b-b021-c23d13b3959f [Deprecated]: Audit Windows VMs that are not joined to the specified domain This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 538942d3-3fae-4fb6-9d94-744f9a51e7da [Deprecated]: Audit Windows VMs that are not set to the specified time zone This initiative deploys the policy requirements and audits Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration b6f5e05c-0aaa-4337-8dd4-357c399d12ae [Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration cdfcc6ff-945e-4bc6-857e-056cbc511e0c [Deprecated]: Audit Windows VMs that do not contain the specified certificates in Trusted Root This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\LocalMachine\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 25ef9b72-4af2-4501-acd1-fc814e73dde1 [Deprecated]: Audit Windows VMs that do not have the specified applications installed This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration f000289c-47af-4043-87da-91ba9e1a2720 [Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell execution policy This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-08-28 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration c980fd64-c67f-49a6-a8a8-e57661150802 [Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell modules installed This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified Windows PowerShell modules installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-08-28 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration d618d658-b2d0-410e-9e2e-bfbfd04d09fa [Deprecated]: Audit Windows VMs that do not match Azure compute security baseline settings This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure compute security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2021-05-13 Builtin Policies 58/58
Static Policies 0/58
Deprecated 1.0.1-deprecated 1.0.1 (1.0.1-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.1-deprecated
parity:true
false BuiltIn
Guest Configuration b8b5b0a8-b809-4e5d-8082-382c686e35b7 [Deprecated]: Audit Windows VMs that have not restarted within the specified number of days This initiative deploys the policy requirements and audits Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration d7fff7ea-9d47-4952-b854-b7da261e48f2 [Deprecated]: Audit Windows VMs that have the specified applications installed This initiative deploys the policy requirements and audits Windows virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration c96b2a9c-6fab-4ac2-ae21-502143491cd4 [Deprecated]: Audit Windows VMs with a pending reboot This initiative deploys the policy requirements and audits Windows virtual machines with a pending reboot. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2020-09-09 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.0.0-deprecated 1.0.0 (1.0.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:true
false BuiltIn
Guest Configuration 8bc55e6b-e9d5-4266-8dac-f688d151ec9c [Deprecated]: Audit Windows web servers that are not using secure communication protocols This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2023-05-10 Builtin Policies 2/2
Static Policies 0/2
Deprecated 1.1.0-deprecated 1.1.0 (1.1.0-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-deprecated
parity:false
false BuiltIn
Guest Configuration 2b0ce52e-301c-4221-ab38-1601e2b4cee3 [Preview]: Deploy prerequisites to enable Guest Configuration policies on virtual machines using user-assigned managed identity This initiative adds a user-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be monitored by Guest Configuration policies. This is a prerequisite for all Guest Configuration policies and must be assigned to the policy assignment scope before using any Guest Configuration policy. For more information on Guest Configuration, visit https://aka.ms/gcpol. 2022-06-30 Builtin Policies 3/3
Static Policies 0/3
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Guest Configuration be7a78aa-3e10-4153-a5fd-8c6506dbc821 [Preview]: Windows machines should meet requirements for the Azure compute security baseline This initiative audits Windows machines with settings that do not meet the Azure compute security baseline. For details, please visit https://aka.ms/gcpol 2021-05-13 Builtin Policies 29/29
Static Policies 0/29
Preview 2.0.1-preview 2.0.1-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
2.0.1-preview
parity:true
false BuiltIn
Guest Configuration 095e4ed9-c835-4ab6-9439-b5644362a06c Audit machines with insecure password security settings This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol 2023-04-28 Builtin Policies 9/9
Static Policies 0/9
GA 1.1.0 1.1.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0
parity:true
false BuiltIn
Guest Configuration ee6f9c39-ca6c-4937-b5b7-f6d9775a6f17 Configure secure communication protocols(TLS 1.1 or TLS 1.2) on Windows machine(including prerequisites) Creates a Guest Configuration assignment(including prerequisites) to configure specified secure protocol version(TLS 1.1 or TLS 1.2) on Windows machine. For details, visit https://aka.ms/SetSecureProtocol 2023-03-23 Builtin Policies 3/3
Static Policies 0/3
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Guest Configuration 12794019-7a00-42cf-95c2-882eed337cc8 Deploy prerequisites to enable Guest Configuration policies on virtual machines This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be monitored by Guest Configuration policies. This is a prerequisite for all Guest Configuration policies and must be assigned to the policy assignment scope before using any Guest Configuration policy. For more information on Guest Configuration, visit https://aka.ms/gcpol. 2021-05-11 Builtin Policies 4/4
Static Policies 0/4
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0
parity:true
false BuiltIn
Guest Configuration Enforce-ACSB Enforce Azure Compute Security Benchmark compliance auditing Enforce Azure Compute Security Benchmark compliance auditing for Windows and Linux virtual machines. n/a Builtin Policies 5/5
Static Policies 0/5
ALZ Policies 0/5
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
false ALZ
Key Vault Enforce-Guardrails-KeyVault-Sup Enforce additional recommended guardrails for Key Vault This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Key Vault Enforce-Guardrails-KeyVault Enforce recommended guardrails for Azure Key Vault Enforce recommended guardrails for Azure Key Vault. n/a Builtin Policies 29/29
Static Policies 0/29
ALZ Policies 0/29
GA 2.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Kubernetes c047ea8e-9c78-49b2-958b-37e56d291a44 [Preview]: Deployment safeguards should help guide developers towards AKS recommended best practices A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use deployment safeguards to assign this policy initiative: https://aka.ms/aks/deployment-safeguards. Azure Policy Add-On for AKS is a pre-requisite for applying these best practices to your clusters. For instructions on enabling the Azure Policy Add-On, go to aka.ms/akspolicydoc 2024-10-30 Builtin Policies 20/20
Static Policies 0/20
Preview 1.9.0-preview 1.3.2-preview
1.3.3-preview
1.4.0-preview
1.4.1-preview
1.5.0-preview
1.6.0-preview
1.7.0-preview
1.8.0-preview
1.9.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.6.0-preview
parity:false
false BuiltIn
Kubernetes af28bf8b-c669-4dd3-9137-1e68fdc61bd6 [Preview]: Use Image Integrity to ensure only trusted images are deployed Use Image Integrity to ensure AKS clusters deploy only trusted images by enabling the Image Integrity and Azure Policy Add-Ons on AKS clusters. Image Integrity Add-On and Azure Policy Add-On are both pre-requisites to using Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity. 2023-10-30 Builtin Policies 3/3
Static Policies 0/3
Preview 1.1.0-preview 1.1.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.1-preview
parity:false
false BuiltIn
Kubernetes Enforce-Guardrails-Kubernetes Enforce recommended guardrails for Kubernetes This policy initiative is a group of policies that ensures Kubernetes is compliant per regulated Landing Zones. n/a Builtin Policies 16/16
Static Policies 0/16
ALZ Policies 0/16
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Kubernetes a8640138-9b0a-4a28-b8cb-1666c838647d Kubernetes cluster pod security baseline standards for Linux-based workloads This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. 2023-10-30 Builtin Policies 5/5
Static Policies 0/5
GA 1.4.0 1.4.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.4.0
parity:true
falseBuiltIn
Kubernetes 42b8ef37-b724-4e24-bbc8-7a7708edfe00 Kubernetes cluster pod security restricted standards for Linux-based workloads This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. 2024-02-05 Builtin Policies 8/8
Static Policies 0/8
GA 2.5.0 2.4.0
2.5.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
2.5.0
parity:true
falseBuiltIn
Machine Learning Enforce-Guardrails-MachineLearning Enforce recommended guardrails for Machine Learning This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones. n/a Builtin Policies 14/14
Static Policies 0/14
ALZ Policies 0/14
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
falseALZ
Managed Identity 5e4ee281-95a3-442a-bb2a-5ef68cf5181a [Preview]: Managed Identity Federated Credentials should be of approved types from approved federation sources Control use of federated credentials for Managed Identities. This initiative includes policies to block federated identity credentials altogether, to limit use to specific federation provider types, and to limit federation relationships to approved sources. 2023-04-06 Builtin Policies 3/3
Static Policies 0/3
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring a15f3269-2e10-458c-87a4-d5989e678a73 [Deprecated]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines This policy initiative is deprecated as part of Microsoft Defender for Cloud updated strategy. As part of this strategy, Azure Monitor agent is no longer required to receive Defender for Servers security features, but is required for Defender for SQL Server on machines. For more information visit: https://aka.ms/MdcAgentStrategy. Configure machines to automatically install the Azure Monitor and Azure Security agents. 2023-11-14 Builtin Policies 7/7
Static Policies 0/7
Deprecated 3.0.1-deprecated 3.0.1 (3.0.1-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring Alerting-LandingZone [Deprecated]: Deploy Azure Monitor Baseline Alerts for Landing Zone Initiative to deploy AMBA alerts relevant to the ALZ LandingZone management group n/a Builtin Policies 0/49
Static Policies 0/49
AMBA Policies 49/49
Deprecated 1.1.0-deprecated n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Deploy-Diagnostics-LogAnalytics [Deprecated]: Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. This policy set is superseded by built-in initiative https://www.azadvertizer.net/azpolicyinitiativesadvertizer/0884adba-2312-4468-abeb-5422caed1038.html. n/a Builtin Policies 17/70
Static Policies 0/70
ALZ Policies 53/70
Deprecated 2.2.0-deprecated n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseALZ
Monitoring 59e9c3eb-d8df-473b-8059-23fd38ddd0f0 [Deprecated]: Enable Azure Monitor for Hybrid VMs with AMA Enable Azure Monitor for the hybrid virtual machines with AMA. Takes Log Analytics workspace as parameter and asks for an option to enable Processes and Dependencies. 2023-08-17 Builtin Policies 5/5
Static Policies 0/5
Deprecated 2.1.2-preview 2.1.2-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 9dffaf29-5905-4145-883c-957eb442c226 [Deprecated]: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) Enable Azure Monitor for the virtual machines (VMs) with AMA. Takes Log Analytics workspace as parameter and asks for an option to enable Processes and Dependencies. 2023-08-17 Builtin Policies 6/6
Static Policies 0/6
Deprecated 1.2.2-preview 1.2.2-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 1f9b0c83-b4fa-4585-a686-72b74aeabcfd [Deprecated]: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA) Enable Azure Monitor for the virtual machines scale set (VMSS) with AMA. Takes Log Analytics workspace as parameter and asks for an option to enable Processes and Dependencies. 2023-08-17 Builtin Policies 6/6
Static Policies 0/6
Deprecated 1.2.2-preview 1.2.2-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 39a366e6-fdde-4f41-bbf8-3757f46d1611 [Preview]: Configure Azure Defender for SQL agents on virtual machines Configure virtual machines to automatically install the Azure Defender for SQL agents where the Azure Monitor Agent is installed. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and Log Analytics workspace in the same region as the machine. This policy only applies to VMs in a few regions. 2021-06-02 Builtin Policies 1/1
Static Policies 0/1
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 118f04da-0375-44d1-84e3-0fd9e1849403 Configure Linux machines to run Azure Monitor Agent and associate them to a Data Collection Rule Monitor and secure your Linux virtual machines, virtual machine scale sets, and Arc machines by deploying the Azure Monitor Agent extension and associating the machines with a specified Data Collection Rule. Deployment will occur on machines with supported OS images (or machines matching the provided list of images) in supported regions. 2024-04-03 Builtin Policies 4/4
Static Policies 0/4
GA 3.2.0 3.1.0
3.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 9575b8b7-78ab-4281-b53b-d3c1ace2260b Configure Windows machines to run Azure Monitor Agent and associate them to a Data Collection Rule Monitor and secure your Windows virtual machines, virtual machine scale sets, and Arc machines by deploying the Azure Monitor Agent extension and associating the machines with a specified Data Collection Rule. Deployment will occur on machines with supported OS images (or machines matching the provided list of images) in supported regions. 2024-04-03 Builtin Policies 4/4
Static Policies 0/4
GA 3.2.0 3.1.0
3.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring DenyAction-DeleteProtection DenyAction Delete - Activity Log Settings and Diagnostic Settings Enforces DenyAction - Delete on Activity Log Settings and Diagnostic Settings. n/a Builtin Policies 0/2
Static Policies 0/2
ALZ Policies 2/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
falseALZ
Monitoring Notification-Assets Deploy Azure Monitor Baseline Alerts - Notification Assets This initiative deploys Notification Assets for Azure Monitor Baseline Alerts. This includes the setup of an Alert Processing Rule and an Action Group to manage notifications and actions, along with a Notification Suppression Rule to manage alert notifications, as well as a Notification Suppression Rule to control alert notifications. n/a Builtin Policies 0/2
Static Policies 0/2
AMBA Policies 2/2
GA 1.4.1 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-VM Deploy Azure Monitor Baseline Alerts for Azure Virtual Machines This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines. n/a Builtin Policies 0/11
Static Policies 0/11
AMBA Policies 11/11
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-NetworkChanges Deploy Azure Monitor Baseline Alerts for Changes in Network Routing and Security This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups. n/a Builtin Policies 0/4
Static Policies 0/4
AMBA Policies 4/4
GA 1.1.1 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-Connectivity Deploy Azure Monitor Baseline Alerts for Connectivity This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones. n/a Builtin Policies 0/52
Static Policies 0/52
AMBA Policies 52/52
GA 1.4.2 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-HybridVM Deploy Azure Monitor Baseline Alerts for Hybrid Virtual Machines This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers. n/a Builtin Policies 0/12
Static Policies 0/12
AMBA Policies 12/12
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-Identity Deploy Azure Monitor Baseline Alerts for Identity Initiative to deploy AMBA alerts relevant to the ALZ Identity management group n/a Builtin Policies 0/8
Static Policies 0/8
AMBA Policies 8/8
GA 1.1.1 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-KeyManagement Deploy Azure Monitor Baseline Alerts for Key Management This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM. n/a Builtin Policies 0/8
Static Policies 0/8
AMBA Policies 8/8
GA 1.0.1 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-LoadBalancing Deploy Azure Monitor Baseline Alerts for Load Balancing This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door. n/a Builtin Policies 0/24
Static Policies 0/24
AMBA Policies 24/24
GA 1.1.1 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-Management Deploy Azure Monitor Baseline Alerts for Management Initiative to deploy AMBA alerts relevant to the ALZ Management management group n/a Builtin Policies 0/8
Static Policies 0/8
AMBA Policies 8/8
GA 1.4.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-RecoveryServices Deploy Azure Monitor Baseline Alerts for Recovery Services This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery. n/a Builtin Policies 0/2
Static Policies 0/2
AMBA Policies 2/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-ServiceHealth Deploy Azure Monitor Baseline Alerts for Service Health This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health. n/a Builtin Policies 0/6
Static Policies 0/6
AMBA Policies 6/6
GA 1.5.2 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-Storage Deploy Azure Monitor Baseline Alerts for Storage This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts. n/a Builtin Policies 0/2
Static Policies 0/2
AMBA Policies 2/2
GA 1.0.1 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring Alerting-Web Deploy Azure Monitor Baseline Alerts for Web This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services. n/a Builtin Policies 0/9
Static Policies 0/9
AMBA Policies 9/9
GA 1.3.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseAMBA
Monitoring babf8e94-780b-4b4d-abaa-4830136a8725 Deploy Linux Azure Monitor Agent with user-assigned managed identity-based auth and associate with Data Collection Rule Monitor your Linux virtual machines and virtual machine scale sets by deploying the Azure Monitor Agent extension with user-assigned managed identity authentication and associating with specified Data Collection Rule. Azure Monitor Agent Deployment will occur on machines with supported OS images (or machines matching the provided list of images) in supported regions. 2024-04-03 Builtin Policies 5/5
Static Policies 0/5
GA 2.3.0 2.2.0
2.3.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0
parity:false
falseBuiltIn
Monitoring 0d1b56c6-6d1f-4a5d-8695-b15efbea6b49 Deploy Windows Azure Monitor Agent with user-assigned managed identity-based auth and associate with Data Collection Rule Monitor your Windows virtual machines and virtual machine scale sets by deploying the Azure Monitor Agent extension with user-assigned managed identity authentication and associating with specified Data Collection Rule. Azure Monitor Agent Deployment will occur on machines with supported OS images (or machines matching the provided list of images) in supported regions. 2024-04-03 Builtin Policies 5/5
Static Policies 0/5
GA 2.3.0 2.2.0
2.3.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0
parity:false
falseBuiltIn
Monitoring 85175a36-2f12-419a-96b4-18d5b0096531 Enable allLogs category group resource logging for supported resources to Event Hub Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the allLogs category group to route logs to Event Hub for all supported resources. 2024-05-15 Builtin Policies 140/140
Static Policies 0/140
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 0884adba-2312-4468-abeb-5422caed1038 Enable allLogs category group resource logging for supported resources to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the allLogs category group to route logs to an Event Hub for all supported resources 2024-05-15 Builtin Policies 140/140
Static Policies 0/140
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring b6b86da9-e527-49de-ac59-6af0a9db10b8 Enable allLogs category group resource logging for supported resources to storage Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the allLogs category group to route logs to storage for all supported resources. 2024-05-15 Builtin Policies 140/140
Static Policies 0/140
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 1020d527-2764-4230-92cc-7035e4fcf8a7 Enable audit category group resource logging for supported resources to Event Hub Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the audit category group to route logs to Event Hub for all supported resources 2024-05-15 Builtin Policies 69/69
Static Policies 0/69
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring f5b29bc4-feca-4cc6-a58a-772dd5e290a5 Enable audit category group resource logging for supported resources to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the audit category group to route logs to Log Analytics for all supported resources. 2024-05-15 Builtin Policies 69/69
Static Policies 0/69
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 8d723fb6-6680-45be-9d37-b1a4adb52207 Enable audit category group resource logging for supported resources to storage Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the audit category group to route logs to storage for all supported resources. 2024-05-15 Builtin Policies 69/69
Static Policies 0/69
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 2b00397d-c309-49c4-aa5a-f0b2c5bc6321 Enable Azure Monitor for Hybrid VMs with AMA Enable Azure Monitor for the hybrid virtual machines with AMA. 2023-08-17 Builtin Policies 6/6
Static Policies 0/6
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 924bfe3a-762f-40e7-86dd-5c8b95eb09e6 Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) Enable Azure Monitor for the virtual machines (VMs) with AMA. 2024-08-01 Builtin Policies 7/7
Static Policies 0/7
GA 1.2.0 1.0.0
1.1.0
1.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring f5bf694c-cca7-4033-b883-3a23327d5485 Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA) Enable Azure Monitor for the virtual machines scale set (VMSS) with AMA. 2024-08-01 Builtin Policies 7/7
Static Policies 0/7
GA 1.2.0 1.0.0
1.1.0
1.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 75714362-cae7-409e-9b99-a8e5075b7fad Legacy - Enable Azure Monitor for Virtual Machine Scale Sets Legacy - Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA). Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to all the VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. 2022-08-12 Builtin Policies 6/6
Static Policies 0/6
GA 1.0.2 1.0.2 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Monitoring 55f3eceb-5573-4f18-9695-226972c6d74a Legacy - Enable Azure Monitor for VMs Legacy - Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Use the new initiative named: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) 2022-08-12 Builtin Policies 10/10
Static Policies 0/10
GA 2.0.1 2.0.1 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
3.0.1
parity:false
falseBuiltIn
MySQL Enforce-Guardrails-MySQL Enforce recommended guardrails for MySQL This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
falseALZ
Network Deploy-Private-DNS-Zones Configure Azure PaaS services to use private DNS zones This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones n/a Builtin Policies 48/48
Static Policies 0/48
ALZ Policies 0/48
GA 2.4.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseALZ
Network Enforce-Guardrails-Network Enforce recommended guardrails for Network and Networking services This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones. n/a Builtin Policies 15/22
Static Policies 0/22
ALZ Policies 7/22
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
falseALZ
Network 62329546-775b-4a3d-a4cb-eb4bb990d2c0 Flow logs should be configured and enabled for every network security group Audit for network security groups to verify if flow logs are configured and if flow log status is enabled. Enabling flow logs allows you to log information about IP traffic flowing through a network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more. 2021-03-10 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Network Deny-PublicPaaSEndpoints Public network access should be disabled for PaaS services This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints n/a Builtin Policies 44/45
Static Policies 0/45
ALZ Policies 1/45
GA 5.2.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseALZ
Nexus 336cb876-5cb8-4795-b9d1-bd9323d3487e [Preview]: Nexus Compute Cluster Security Baseline This initiative includes policies designed to reflect the security baseline expectations of Nexus Compute Clusters. It ensures that the cluster configurations adhere to specific security controls that are critical for maintaining a secure environment. 2024-09-26 Builtin Policies 13/13
Static Policies 0/13
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
PostgreSQL Enforce-Guardrails-PostgreSQL Enforce recommended guardrails for PostgreSQL This policy initiative is a group of policies that ensures PostgreSQL is compliant per regulated Landing Zones. n/a Builtin Policies 1/1
Static Policies 0/1
ALZ Policies 0/1
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
falseALZ
Regulatory Compliance 42a694ed-f65e-42b2-aa9e-8052e9740a92 [Deprecated]: Azure Security Benchmark v1 This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center. 2025-03-12 Builtin Policies 108/108
Static Policies 0/108
Deprecated 14.7.0-deprecated 14.2.0 (14.2.0-deprecated)
14.3.0 (14.3.0-deprecated)
14.4.0 (14.4.0-deprecated)
14.5.0 (14.5.0-deprecated)
14.6.0 (14.6.0-deprecated)
14.7.0 (14.7.0-deprecated)
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
14.6.0-deprecated
parity:false
trueBuiltIn
Regulatory Compliance bb522ac1-bc39-4957-b194-429bcd3bcb0b [Deprecated]: Azure Security Benchmark v2 This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center 2025-03-12 Builtin Policies 148/148
Static Policies 0/148
Deprecated 11.11.0-deprecated 11.3.0 (11.3.0-deprecated)
11.4.0 (11.4.0-deprecated)
11.5.0 (11.5.0-deprecated)
11.6.0 (11.6.0-deprecated)
11.7.0 (11.7.0-deprecated)
11.8.0 (11.8.0-deprecated)
11.9.0 (11.9.0-deprecated)
11.10.0 (11.10.0-deprecated)
11.11.0 (11.11.0-deprecated)
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
10.9.0-deprecated
parity:false
trueBuiltIn
Regulatory Compliance 8d792a84-723c-4d92-a3c3-e4ed16a2d133 [Deprecated]: DoD Impact Level 4 This initiative includes policies that address a subset of DoD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-initiative. 2025-03-12 Builtin Policies 70/70
Static Policies 0/70
Deprecated 9.6.0-deprecated 9.2.0 (9.2.0-deprecated)
9.3.0 (9.3.0-deprecated)
9.4.0 (9.4.0-deprecated)
9.5.0 (9.5.0-deprecated)
9.6.0 (9.6.0-deprecated)
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
22.13.0
parity:false
falseBuiltIn
Regulatory Compliance d1a462af-7e6d-4901-98ac-61570b4ed22a [Deprecated]: New Zealand ISM Restricted This initiative includes policies that address a subset of New Zealand Information Security Manual controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative. 2025-03-12 Builtin Policies 115/115
Static Policies 0/115
Deprecated 11.12.0-deprecated 11.5.0
11.6.1
11.6.2 (11.6.2-deprecated)
11.7.0 (11.7.0-deprecated)
11.8.0 (11.8.0-deprecated)
11.9.0 (11.9.0-deprecated)
11.10.0 (11.10.0-deprecated)
11.11.0 (11.11.0-deprecated)
11.12.0 (11.12.0-deprecated)
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 93d2179e-3068-c82f-2428-d614ae836a04 [Deprecated]: New Zealand ISM Restricted v3.5 This initiative includes policies that address a subset of New Zealand Information Security Manual v3.5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative. 2025-03-12 Builtin Policies 149/149
Static Policies 0/149
Deprecated 2.15.0-deprecated 2.5.0
2.6.0
2.7.0
2.8.0
2.8.1 (2.8.1-deprecated)
2.9.0 (2.9.0-deprecated)
2.10.0 (2.10.0-deprecated)
2.11.0 (2.11.0-deprecated)
2.12.0 (2.12.0-deprecated)
2.13.0 (2.13.0-deprecated)
2.14.0 (2.14.0-deprecated)
2.15.0 (2.15.0-deprecated)
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 27272c0b-c225-4cc3-b8b0-f2534b093077 [Preview]: Australian Government ISM PROTECTED This initiative includes policies that address a subset of Australian Government Information Security Manual (ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/auism-initiative. 2025-03-12 Builtin Policies 41/41
Static Policies 0/41
Preview 8.8.0-preview 8.2.1-preview
8.2.2-preview
8.3.0-preview
8.4.0-preview
8.5.0-preview
8.6.0-preview
8.7.0-preview
8.8.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 4e50fd13-098b-3206-61d6-d1d78205cb45 [Preview]: CMMC 2.0 Level 2 This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative. 2025-03-12 Builtin Policies 230/230
Static Policies 0/230
Preview 2.17.0-preview 2.5.0-preview
2.6.0-preview
2.7.0-preview
2.8.0-preview
2.9.0-preview
2.10.0-preview
2.11.0-preview
2.12.0-preview
2.13.0-preview
2.14.0-preview
2.15.0-preview
2.16.0-preview
2.17.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.13.0-preview
parity:false
trueBuiltIn
Regulatory Compliance 92646f03-e39d-47a9-9e24-58d60ef49af8 [Preview]: Motion Picture Association of America (MPAA) This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-init. 2025-01-28 Builtin Policies 32/32
Static Policies 0/32
Preview 4.5.0-preview 4.1.0-preview
4.2.0-preview
4.3.0-preview
4.4.0-preview
4.5.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Regulatory Compliance 32ff9e30-4725-4ca7-ba3a-904a7721ee87 [Preview]: NIS2 The NIS2 Directive enhances the cybersecurity and resilience of critical infrastructure and digital services across the European Union, ensuring a higher level of protection against cyber threats. 2025-01-28 Builtin Policies 67/239
Static Policies 172/239
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance d0d5578d-cc08-2b22-31e3-f525374f235a [Preview]: Reserve Bank of India - IT Framework for Banks This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Banks controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfbanks-initiative. 2025-03-12 Builtin Policies 152/152
Static Policies 0/152
Preview 1.18.0-preview 1.5.0-preview
1.6.0-preview
1.7.0-preview
1.8.0-preview
1.9.0-preview
1.10.0-preview
1.11.0-preview
1.12.0-preview
1.13.0-preview
1.14.0-preview
1.15.0-preview
1.16.0-preview
1.17.0-preview
1.18.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c [Preview]: Reserve Bank of India - IT Framework for NBFC This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Non-Banking Financial Companies (NBFC) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfnbfc-initiative. 2025-03-12 Builtin Policies 120/120
Static Policies 0/120
Preview 2.14.0-preview 2.4.0-preview
2.5.0-preview
2.6.0-preview
2.7.0-preview
2.8.0-preview
2.9.0-preview
2.10.0-preview
2.11.0-preview
2.12.0-preview
2.13.0-preview
2.14.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 3e0c67fc-8c7c-406c-89bd-6b6bdc986a22 [Preview]: SWIFT CSP-CSCF v2020 This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2020-init. 2025-03-12 Builtin Policies 48/48
Static Policies 0/48
Preview 6.6.0-preview 6.1.0-preview
6.2.0-preview
6.3.0-preview
6.4.0-preview
6.5.0-preview
6.6.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Regulatory Compliance abf84fac-f817-a70c-14b5-47eec767458a [Preview]: SWIFT CSP-CSCF v2021 This initiative includes policies that address a subset of the SWIFT Customer Security Program's Customer Security Controls Framework v2021 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2021-init. 2025-03-12 Builtin Policies 123/123
Static Policies 0/123
Preview 4.13.0-preview 4.4.0-preview
4.5.0-preview
4.6.0-preview
4.7.0-preview
4.8.0-preview
4.9.0-preview
4.10.0-preview
4.11.0-preview
4.12.0-preview
4.13.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 80307b86-ab81-45ab-bf4f-4e0b93cf3dd5 ACAT for Microsoft 365 Certification App Compliance Automation Tool for Microsoft 365 (ACAT) simplifies the process to achieve Microsoft 365 Certification, see https://aka.ms/acat. This certification ensures that apps have strong security and compliance practices in place to protect customer data, security, and privacy. This initiative includes policies that address a subset of the Microsoft 365 Certification controls. Additional policies will be added in upcoming releases. 2024-06-19 Builtin Policies 16/16
Static Policies 0/16
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance f03d9540-4405-4365-8272-318999d1b37a APRA CPS 234 2019 Australian Prudential Regulation Authority (APRA) standard for managing information security risks in regulated entities. 2025-01-30 Builtin Policies 18/18
Static Policies 0/18
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 770977b7-fceb-4c16-9d09-b7484fb8eef2 Brazilian General Data Protection Law (LGPD) 2018 Brazil's comprehensive data protection law, regulating the processing of personal data. 2025-01-30 Builtin Policies 19/19
Static Policies 0/19
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 4c4a5f27-de81-430b-b4e5-9cbd50595a87 Canada Federal PBMM This initiative includes policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/canadafederalpbmm-init. 2025-03-12 Builtin Policies 46/46
Static Policies 0/46
GA 8.7.0 8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance f8f5293d-df94-484a-a3e7-6b422a999d91 Canada Federal PBMM 3-1-2020 Security standards for Canadian federal systems, ensuring the confidentiality, integrity, and availability of sensitive information. 2025-01-30 Builtin Policies 209/209
Static Policies 0/209
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85 CIS Azure Foundations v2.1.0 Security guidance for Microsoft Azure, providing best practices to enhance security posture. 2025-01-30 Builtin Policies 31/31
Static Policies 0/31
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 046796ef-e8a7-4398-bbe9-cce970b1a3ae CIS Controls v8.1 Globally recognized cybersecurity best practices, offering actionable steps to protect against cyber threats. 2025-01-30 Builtin Policies 182/182
Static Policies 0/182
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 1a5bb27d-173f-493e-9568-eb56638dde4d CIS Microsoft Azure Foundations Benchmark v1.1.0 The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative 2025-03-12 Builtin Policies 146/146
Static Policies 0/146
GA 16.10.0 16.2.0
16.3.0
16.4.0
16.5.0
16.6.0
16.7.0
16.8.0
16.9.0
16.10.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
15.8.0
parity:false
trueBuiltIn
Regulatory Compliance 612b5213-9160-4969-8578-1518bd2a000c CIS Microsoft Azure Foundations Benchmark v1.3.0 The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative 2025-01-28 Builtin Policies 162/162
Static Policies 0/162
GA 8.13.0 8.4.0
8.5.0
8.6.0
8.7.0
8.8.0
8.9.0
8.10.0
8.11.0
8.12.0
8.13.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
7.10.0
parity:false
trueBuiltIn
Regulatory Compliance c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 CIS Microsoft Azure Foundations Benchmark v1.4.0 The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.4.0 controls. For more information, visit https://aka.ms/cisazure140-initiative 2025-01-28 Builtin Policies 161/161
Static Policies 0/161
GA 1.12.0 1.5.1
1.6.0
1.7.0
1.8.0
1.9.0
1.10.0
1.11.0
1.12.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 06f19060-9e68-4070-92ca-f15cc126059e CIS Microsoft Azure Foundations Benchmark v2.0.0 The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v2.0.0 controls. For more information, visit https://aka.ms/cisazure200-initiative 2025-01-28 Builtin Policies 193/193
Static Policies 0/193
GA 1.5.0 1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance b5629c75-5c77-4422-87b9-2509e680f8de CMMC Level 3 This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative. 2025-03-12 Builtin Policies 143/143
Static Policies 0/143
GA 11.13.0 11.3.0
11.4.0
11.5.0
11.6.0
11.7.0
11.8.0
11.9.0
11.10.0
11.11.0
11.12.0
11.13.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
9.10.0
parity:false
trueBuiltIn
Regulatory Compliance 8791506a-dec4-497a-a83f-3abfde37c400 CSA CSA Cloud Controls Matrix v4.0.12 Cybersecurity framework by the Cloud Security Alliance (CSA), offering security controls specifically for cloud environments. 2025-01-30 Builtin Policies 222/222
Static Policies 0/222
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance b2f588d7-1ed5-47c7-977d-b93dff520c4c Cyber Essentials v3.1 UK certification scheme to protect against common cyber threats through basic security controls. 2025-01-30 Builtin Policies 112/112
Static Policies 0/112
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance a4087154-2edb-4329-b56a-1cc986807f3c Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 Focuses on protecting Controlled Unclassified Information (CUI) in defense contracting with advanced security controls. 2025-01-30 Builtin Policies 218/218
Static Policies 0/218
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 42346945-b531-41d8-9e46-f95057672e88 EU 2022/2555 (NIS2) 2022 Enhances cybersecurity across the EU with security measures and incident reporting for critical sectors. 2025-01-30 Builtin Policies 200/200
Static Policies 0/200
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 7326812a-86a4-40c8-af7c-8945de9c4913 EU General Data Protection Regulation (GDPR) 2016/679 Comprehensive data protection law regulating personal data processing within the EU. 2025-01-30 Builtin Policies 313/313
Static Policies 0/313
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 4fcabc2a-30b2-4ba5-9fbb-b1a4e08fb721 FBI Criminal Justice Information Services (CJIS) v5.9.5 Standards by the FBI to secure criminal justice information, covering data access, transmission, and storage. 2025-01-30 Builtin Policies 236/236
Static Policies 0/236
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance d5264498-16f4-418a-b659-fa7ef418175f FedRAMP High FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (High) controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-fedramp 2025-03-12 Builtin Policies 715/715
Static Policies 0/715
GA 17.18.0 17.5.0
17.6.0
17.7.0
17.8.0
17.9.0
17.10.0
17.11.0
17.12.0
17.13.0
17.14.0
17.15.0
17.16.0
17.17.0
17.18.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
17.14.0
parity:false
trueBuiltIn
Regulatory Compliance e95f5a9f-57ad-4d03-bb0b-b1d16db93693 FedRAMP Moderate FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (Moderate) controls. Additional policies will be added in upcoming releases. For more information, visit https://www.fedramp.gov/documents-templates/ 2025-03-12 Builtin Policies 646/646
Static Policies 0/646
GA 17.17.0 17.5.0
17.6.0
17.7.0
17.8.0
17.9.0
17.10.0
17.11.0
17.12.0
17.13.0
17.14.0
17.15.0
17.16.0
17.17.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
17.13.0
parity:false
trueBuiltIn
Regulatory Compliance 1d5dbdd5-6f93-43ce-a939-b19df3753cf7 FFIEC CAT 2017 Assessment tool for financial institutions to measure cybersecurity preparedness, from the FFIEC. 2025-01-30 Builtin Policies 141/141
Static Policies 0/141
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance e0d47b75-5d99-442a-9d60-07f2595ab095 HITRUST CSF v11.3 A comprehensive security and privacy framework for managing compliance in industries like healthcare and finance. 2025-01-30 Builtin Policies 237/237
Static Policies 0/237
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance a169a624-5599-4385-a696-c8d643089fab HITRUST/HIPAA Health Information Trust Alliance (HITRUST) helps organizations from all sectors, but especially healthcare, effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2 2025-03-12 Builtin Policies 596/596
Static Policies 0/596
GA 14.9.0 14.2.0
14.3.0
14.4.0
14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 105e0327-6175-4eb2-9af4-1fba43bdb39d IRS1075 September 2016 This initiative includes policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-init. 2025-03-12 Builtin Policies 48/48
Static Policies 0/48
GA 8.7.0 8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
8.6.0
parity:false
trueBuiltIn
Regulatory Compliance 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 ISO 27001:2013 The International Organization for Standardization (ISO) 27001 standard provides requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). These policies address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init 2025-03-12 Builtin Policies 452/452
Static Policies 0/452
GA 8.7.0 8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
7.7.0
parity:false
trueBuiltIn
Regulatory Compliance 5e4ff661-23bf-42fa-8e3a-309a55091cc7 ISO/IEC 27001 2022 International standard for managing information security via an Information Security Management System (ISMS). 2025-01-30 Builtin Policies 63/63
Static Policies 0/63
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance e3030e83-88d5-4f23-8734-6577a2c97a32 ISO/IEC 27002 2022 Provides specific guidance on implementing controls for information security, complementing ISO 27001. 2025-01-30 Builtin Policies 162/162
Static Policies 0/162
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance f48ecfa6-581c-43f9-8141-cd4adc72cf26 ISO/IEC 27017 2015 Cloud-specific extension to ISO 27001, providing security guidelines for cloud service providers and customers. 2025-01-30 Builtin Policies 102/102
Static Policies 0/102
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 6d220abf-cf6f-4b17-8f7e-0644c4cc84b4 NCSC Cyber Assurance Framework (CAF) v3.2 UK framework providing cybersecurity guidance for critical national infrastructure to protect systems and data. 2025-03-12 Builtin Policies 82/82
Static Policies 0/82
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 4f5b1359-4f8e-4d7c-9733-ea47fcde891e New Zealand ISM NZISM v3.8. The New Zealand Information Security Manual (NZISM) details processes and controls essential for the protection of all New Zealand Government information and systems. This initiative includes policies that address a subset of NZISM controls. Additional policies will be added in upcoming releases. For full details on controls, please refer to https://www.nzism.gcsb.govt.nz/ism-document. This policy set includes definitions that have a Deny effect by default. 2025-03-12 Builtin Policies 209/209
Static Policies 0/209
GA 1.8.0 1.0.0-preview
1.1.0-preview
1.2.0-preview
1.2.1
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 38916c43-6876-4971-a4b1-806aa7e55ccc NIST 800-171 R3 Guidelines for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. 2025-03-12 Builtin Policies 226/226
Static Policies 0/226
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 184a0e05-7b06-4a68-bbbe-13b8353bc613 NIST CSF v2.0 Risk-based approach to managing cybersecurity threats, offering guidance for improving cybersecurity practices. 2025-01-30 Builtin Policies 112/112
Static Policies 0/112
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 03055927-78bd-4236-86c0-f36125a10dc9 NIST SP 800-171 Rev. 2 The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171. These policies address a subset of NIST SP 800-171 Rev. 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-nist-800-171 2025-03-12 Builtin Policies 445/445
Static Policies 0/445
GA 15.17.0 15.5.0
15.6.0
15.7.0
15.8.0
15.9.0
15.10.0
15.11.0
15.12.0
15.13.0
15.14.0
15.15.0
15.16.0
15.17.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
15.13.0
parity:false
trueBuiltIn
Regulatory Compliance 60205a79-6280-4e20-a147-e2011e09dc78 NIST SP 800-53 R5.1.1 Comprehensive security and privacy controls framework for U.S. federal information systems and organizations. 2025-03-12 Builtin Policies 243/243
Static Policies 0/243
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f NIST SP 800-53 Rev. 4 National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative 2025-03-12 Builtin Policies 716/716
Static Policies 0/716
GA 17.17.0 17.5.0
17.6.0
17.7.0
17.8.0
17.9.0
17.10.0
17.11.0
17.12.0
17.13.0
17.14.0
17.15.0
17.16.0
17.17.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
18.13.0
parity:false
trueBuiltIn
Regulatory Compliance 179d1daa-458f-4e47-8086-2a68d0d6c38f NIST SP 800-53 Rev. 5 National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative 2025-03-12 Builtin Policies 701/701
Static Policies 0/701
GA 14.17.0 14.5.0
14.6.0
14.7.0
14.8.0
14.9.0
14.10.0
14.11.0
14.12.0
14.13.0
14.14.0
14.15.0
14.16.0
14.17.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
14.13.0
parity:false
trueBuiltIn
Regulatory Compliance 6ce73208-883e-490f-a2ac-44aac3b3687f NL BIO Cloud Theme This initiative includes policies that address the Dutch Baseline Informatiebeveiliging (BIO) controls specifically for the 'thema-uitwerking Clouddiensten' and include policies covered under the SOC2 and ISO 27001:2013 controls. 2025-03-12 Builtin Policies 238/238
Static Policies 0/238
GA 1.11.0 1.0.0
1.1.0
1.1.1
1.2.0
1.3.0
1.4.0
1.5.0
1.5.1
1.6.0
1.7.0
1.8.0
1.9.0
1.10.0
1.11.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee NL BIO Cloud Theme V2 This initiative includes policies that address the Dutch Baseline Informatiebeveiliging (BIO) controls specifically for the 'thema-uitwerking Clouddiensten' and include policies covered under the SOC2 and ISO 27001:2013 controls. 2025-01-28 Builtin Policies 260/260
Static Policies 0/260
GA 2.2.0 2.0.0
2.1.0
2.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 4476df0a-18ab-4bfe-b6ad-cccae1cf320f NZISM v3.7 New Zealand's Information Security Manual, providing security guidance for government agencies. 2025-03-12 Builtin Policies 230/230
Static Policies 0/230
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance c676748e-3af9-4e22-bc28-50feed564afb PCI DSS v4 The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data. These policies address a subset of PCI-DSS v4 controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/pci-dss-3-2-1 2025-03-12 Builtin Policies 272/272
Static Policies 0/272
GA 1.7.0 1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.5.0
parity:false
trueBuiltIn
Regulatory Compliance a06d5deb-24aa-4991-9d58-fa7563154e31 PCI DSS v4.0.1 Payment Card Industry Data Security Standard, focusing on protecting credit card transaction data. 2025-03-12 Builtin Policies 217/217
Static Policies 0/217
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 496eeda9-8f2f-4d5e-8dfd-204f0a92ed41 PCI v3.2.1:2018 This initiative includes policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/pciv321-init. 2025-03-12 Builtin Policies 30/30
Static Policies 0/30
GA 6.6.0 6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.6.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 RMIT Malaysia This initiative includes policies that address a subset of RMIT requirements. Additional policies will be added in upcoming releases. For more information, visit aka.ms/rmit-initiative. 2025-03-12 Builtin Policies 189/189
Static Policies 0/189
GA 9.16.0 9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.9.0
9.10.0
9.11.0
9.12.0
9.13.0
9.14.0
9.15.0
9.16.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 5757cf73-35d1-46d4-8c78-17b7ddd6076a Sarbanes Oxley Act 2022 U.S. federal law aimed at improving corporate transparency and accountability, including provisions for cybersecurity and IT controls. 2025-01-28 Builtin Policies 92/92
Static Policies 0/92
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 4054785f-702b-4a98-9215-009cbd58b141 SOC 2 Type 2 A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2 2025-01-28 Builtin Policies 308/308
Static Policies 0/308
GA 1.11.0 1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
1.10.0
1.11.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.7.0
parity:false
trueBuiltIn
Regulatory Compliance 53ad89f5-8542-49e9-ba81-1cbd686e0d52 SOC 2023 Service Organization Control reports that ensure organizations manage sensitive data securely and comply with trust service criteria. 2025-03-12 Builtin Policies 242/242
Static Policies 0/242
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 03de05a4-c324-4ccd-882f-a814ea8ab9ea Sovereignty Baseline - Confidential Policies The Microsoft Cloud for Sovereignty recommends confidential policies to help organizations achieve their sovereignty goals by default denying the creation of resources outside of approved regions, denying resources that are not backed by Azure Confidential Computing, and denying data storage resources that are not using Customer-Managed Keys. More details can be found here: https://aka.ms/SovereigntyBaselinePolicies 2025-02-27 Builtin Policies 19/19
Static Policies 0/19
GA 1.1.1 1.0.0-preview
1.0.1-preview
1.1.0
1.1.1
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance c1cbff38-87c0-4b9f-9f70-035c7a3b5523 Sovereignty Baseline - Global Policies The Microsoft Cloud for Sovereignty recommends global policies to help organizations achieve their sovereignty goals by default denying the creation of resources outside of approved regions. More details can be found here: https://aka.ms/SovereigntyBaselinePolicies 2025-03-06 Builtin Policies 5/5
Static Policies 0/5
GA 1.1.1 1.0.0-preview
1.1.0-preview
1.1.1
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 175daf90-21e1-4fec-b745-7b4c909aa94c Spain ENS This initiative includes policies that address National Security Scheme (ENS) controls specifically for the 'CCN-STIC 884'. This policy set includes definitions that have a Deny effect by default. 2025-02-27 Builtin Policies 634/859
Static Policies 225/859
GA 1.6.0 1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 7bc7cd6c-4114-ff31-3cac-59be3157596d SWIFT CSP-CSCF v2022 SWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF). These policies address a subset of SWIFT controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/swift-cscf-v2021 2025-03-12 Builtin Policies 327/327
Static Policies 0/327
GA 2.10.0 2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
2.10.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 7499005e-df5a-45d9-810f-041cf346678c SWIFT Customer Security Controls Framework 2024 Ensures secure transactions for organizations using SWIFT, the global financial messaging service. 2025-03-12 Builtin Policies 211/211
Static Policies 0/211
GA 1.1.0 1.0.0
1.1.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Regulatory Compliance 3937f550-eedd-4639-9c5e-294358be442e UK OFFICIAL and UK NHS This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-init and https://aka.ms/uknhs-init. 2025-03-12 Builtin Policies 45/45
Static Policies 0/45
GA 9.7.0 9.1.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
trueBuiltIn
Resilience 130fb88f-0fc9-4678-bfe1-31022d71c7d5 [Preview]: Resources should be Zone Resilient Some resource types can be deployed Zone Redundant (e.g. SQL Databases); some can be deployed Zone Aligned (e.g. Virtual Machines); and some can be deployed either Zone Aligned or Zone Redundant (e.g. Virtual Machine Scale Sets). Being zone aligned does not guarantee resilience, but it is the foundation on which a resilient solution can be built (e.g. three Virtual Machine Scale Sets zone aligned to three different zones in the same region with a load balancer). See https://aka.ms/AZResilience for more info. 2024-02-23 Builtin Policies 34/34
Static Policies 0/34
Preview 1.10.0-preview 1.3.0-preview
1.4.0-preview
1.5.0-preview
1.6.0-preview
1.7.0-preview
1.8.0-preview
1.9.0-preview
1.10.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.10.0-preview
parity:true
falseBuiltIn
Sandbox Enforce-ALZ-Sandbox Enforce policies in the Sandbox Landing Zone Enforce policies in the Sandbox Landing Zone. n/a Builtin Policies 1/2
Static Policies 0/2
ALZ Policies 1/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
falseALZ
SDN f1535064-3294-48fa-94e2-6e83095a5c08 Audit Public Network Access Audit Azure resources that allow access from the public internet 2024-04-11 Builtin Policies 35/35
Static Policies 0/35
GA 4.2.0 4.1.0
4.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
SDN 7379ef4c-89b0-48b6-a5cc-fd3a75eaef93 Evaluate Private Link Usage Across All Supported Azure Resources Compliant resources have at least one approved private endpoint connection 2023-03-23 Builtin Policies 30/30
Static Policies 0/30
GA 1.1.0 1.1.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center 362ab02d-c362-417e-a525-45805d58e21d [Deprecated]: Configure machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent This policy initiative is deprecated as part of Microsoft Defender for Cloud updated strategy. As part of this strategy, Azure Monitor agent is no longer required to receive Defender for Servers security features, but is required for Defender for SQL Server on machines. For more information visit: https://aka.ms/MdcAgentStrategy. Configure machines to automatically install the Azure Monitor and Azure Security agents. Create a resource group, Data Collection Rule and Log Analytics workspace to store data. 2023-11-14 Builtin Policies 13/13
Static Policies 0/13
Deprecated 1.0.2-deprecated 1.0.2 (1.0.2-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center 500ab3a2-f1bd-4a5a-8e47-3e09d9a294c3 [Deprecated]: Configure machines to create the user-defined Microsoft Defender for Cloud pipeline using Azure Monitor Agent This policy initiative is deprecated as part of Microsoft Defender for Cloud updated strategy. As part of this strategy, Azure Monitor agent is no longer required to receive Defender for Servers security features, but is required for Defender for SQL Server on machines. For more information visit: https://aka.ms/MdcAgentStrategy. Configure machines to automatically install the Azure Monitor and Azure Security agents. Use the user-provided Log Analytics workspace to store audit records. 2023-11-14 Builtin Policies 13/13
Static Policies 0/13
Deprecated 1.0.2-deprecated 1.0.2 (1.0.2-deprecated) AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center Deploy-MDFC-DefenderSQL-AMA [Deprecated]: Configure SQL VM and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LAW Initiative is deprecated as the built-in initiative now supports bringing your own UAMI and DCR. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/de01d381-bae9-4670-8870-786f89f49e26.html n/a Builtin Policies 2/7
Static Policies 0/7
ALZ Policies 5/7
Deprecated 1.0.1-deprecated n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseALZ
Security Center Deploy-MDFC-Config [Deprecated]: Deploy Microsoft Defender for Cloud configuration Deploy Microsoft Defender for Cloud configuration. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-MDFC-Config_20240319.html n/a Builtin Policies 18/19
Static Policies 0/19
ALZ Policies 1/19
Deprecated 7.0.0-deprecated n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
falseALZ
Security Center e20d08c5-6d64-656d-6465-ce9e37fd0ebc [Preview]: Deploy Microsoft Defender for Endpoint agent Deploy Microsoft Defender for Endpoint agent on applicable images. 2022-02-24 Builtin Policies 4/4
Static Policies 0/4
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e Configure Advanced Threat Protection to be enabled on open-source relational databases Enable Advanced Threat Protection on your non-Basic tier open-source relational databases to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. See https://aka.ms/AzDforOpenSourceDBsDocu. 2024-04-17 Builtin Policies 5/5
Static Policies 0/5
GA 1.2.0 1.0.1
1.1.0
1.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. 2022-09-09 Builtin Policies 3/3
Static Policies 0/3
GA 3.0.0 3.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center f08c57cd-dbd6-49a4-a85e-9ae77ac959b0 Configure Microsoft Defender for Cloud plans Microsoft Defender for Cloud provides comprehensive, cloud-native protections from development to runtime in multi-cloud environments. Use the policy initiative to configure Defender for Cloud plans and extensions to be enabled on selected scope(s). 2024-02-05 Builtin Policies 11/11
Static Policies 0/11
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center 9d46421d-1a48-4636-8d1a-5525ed29172d Configure Microsoft Defender for Databases to be enabled Configure Microsoft Defender for Databases to protect your Azure SQL Databases, Managed Instances, Open-source relational databases and Cosmos DB. 2022-07-21 Builtin Policies 4/4
Static Policies 0/4
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
falseBuiltIn
Security Center 77b391e3-2d5d-40c3-83bf-65c846b3c6a3 Configure multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud Configure the multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP, WDATP_EXCLUDE_LINUX_PUBLIC_PREVIEW, WDATP_UNIFIED_SOLUTION etc.). See: https://learn.microsoft.com/azure/defender-for-cloud/integration-defender-for-endpoint for more information. 2024-02-15 Builtin Policies 3/3
Static Policies 0/3
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0
parity:true
falseBuiltIn
Security Center Deploy-AUM-CheckUpdates Configure periodic checking for missing system updates on azure virtual machines and Arc-enabled virtual machines Configure auto-assessment (every 24 hours) for OS updates. You can control the scope of assignment according to machine subscription, resource group, location or tag. Learn more about this for Windows: https://aka.ms/computevm-windowspatchassessmentmode, for Linux: https://aka.ms/computevm-linuxpatchassessmentmode. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
false ALZ
Security Center d7c3ea3a-edf3-4bd5-bd64-d5b635b05393 Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a LA workspace Microsoft Defender for SQL collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and a Data Collection Rule and Log Analytics workspace in the same region as the machine. 2024-05-15 Builtin Policies 9/9
Static Policies 0/9
GA 1.3.0 1.2.0-preview
1.2.1
1.3.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.2.0
parity:false
false BuiltIn
Security Center de01d381-bae9-4670-8870-786f89f49e26 Configure SQL VMs and Arc-enabled SQL Servers to install Microsoft Defender for SQL and AMA with a user-defined LA workspace Microsoft Defender for SQL collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace. 2024-05-15 Builtin Policies 8/8
Static Policies 0/8
GA 1.2.0 1.1.0-preview
1.1.1
1.2.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.2.0
parity:true
false BuiltIn
Security Center Deploy-MDFC-Config_20240319 Deploy Microsoft Defender for Cloud configuration Deploy Microsoft Defender for Cloud configuration n/a Builtin Policies 16/17
Static Policies 0/17
ALZ Policies 1/17
GA 2.2.0 n/a AzCloud:true
AzChinaCloud:false
AzUSGovernment:false
false ALZ
Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Microsoft cloud security benchmark The Microsoft cloud security benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft cloud security benchmark, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud. 2025-03-12 Builtin Policies 224/224
Static Policies 0/224
GA 57.49.0 57.23.1
57.24.0
57.25.0
57.26.0
57.27.0
57.28.1
57.29.0
57.30.0
57.31.0
57.32.0
57.33.0
57.34.0
57.35.0
57.36.0
57.37.0
57.38.0
57.39.0
57.40.0
57.41.0
57.42.0
57.43.0
57.44.0
57.45.0
57.46.0
57.47.0
57.48.0
57.49.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
47.31.0
parity:false
true BuiltIn
Service Bus Enforce-Guardrails-ServiceBus Enforce recommended guardrails for Service Bus This policy initiative is a group of policies that ensures Service Bus is compliant per regulated Landing Zones. n/a Builtin Policies 4/4
Static Policies 0/4
ALZ Policies 0/4
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
SQL Deploy-Sql-Security [Deprecated]: Deploy SQL Database built-in SQL security configuration Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment. Superseded by https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Deploy-Sql-Security_20240529.html n/a Builtin Policies 1/4
Static Policies 0/4
ALZ Policies 3/4
Deprecated 1.0.0-deprecated n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
SQL a55e4a7e-1b9c-43ef-b4b3-642f303804d6 Azure SQL Database should have Microsoft Entra-only authentication Require Microsoft Entra-only authentication for Azure SQL Database, disabling local authentication methods. This allows access exclusively via Microsoft Entra identities, enhancing security with modern authentication enhancements including MFA, SSO, and secret-less programmatic access with managed identities. 2024-01-29 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
SQL 9b8d8228-e8cc-4c95-8d98-47f32df40b5e Azure SQL Managed Instance should have Microsoft Entra-only authentication Require Microsoft Entra-only authentication for Azure SQL Managed instance, disabling local authentication methods. This allows access exclusively via Microsoft Entra identities, enhancing security with modern authentication enhancements including MFA, SSO, and secret-less programmatic access with managed identities. 2024-01-29 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
SQL Deploy-Sql-Security_20240529 Deploy SQL Database built-in SQL security configuration Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment n/a Builtin Policies 1/4
Static Policies 0/4
ALZ Policies 3/4
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
SQL Enforce-Guardrails-SQL Enforce recommended guardrails for SQL and SQL Managed Instance This policy initiative is a group of policies that ensures SQL and SQL Managed Instance is compliant per regulated Landing Zones. n/a Builtin Policies 5/5
Static Policies 0/5
ALZ Policies 0/5
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Storage Enforce-Guardrails-Storage Enforce recommended guardrails for Storage Account This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones. n/a Builtin Policies 12/22
Static Policies 0/22
ALZ Policies 10/22
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Synapse 6cccc75e-6b5c-4e63-8b4a-8427bc49fe5f Configure Synapse Workspaces to mandate Microsoft Entra-only identities for authentication Require and configure Microsoft Entra-only authentication for Synapse Workspaces, disabling local authentication methods. This allows access exclusively via Microsoft Entra identities, enhancing security with modern authentication enhancements including MFA, SSO, and secret-less programmatic access with managed identities. 2024-01-29 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Synapse Enforce-Guardrails-Synapse Enforce recommended guardrails for Synapse workspaces This policy initiative is a group of policies that ensures Synapse workspaces is compliant per regulated Landing Zones. n/a Builtin Policies 9/9
Static Policies 0/9
ALZ Policies 0/9
GA 1.2.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
Synapse 1ee51566-9bb4-49da-b8d2-3c06991963eb Synapse Workspaces should have Microsoft Entra-only authentication Require Microsoft Entra-only authentication for Synapse Workspaces, disabling local authentication methods. This allows access exclusively via Microsoft Entra identities, enhancing security with modern authentication enhancements including MFA, SSO, and secret-less programmatic access with managed identities. 2024-01-29 Builtin Policies 2/2
Static Policies 0/2
GA 1.0.0 1.0.0 AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Tags 1bb84455-9e6e-434c-8db6-fa6d03a67e87 Ensures resources to not have a specific tag. Denies the creation of a resource that contains the given tag. Does not apply to resource groups. 2024-09-23 Builtin Policies 1/1
Static Policies 0/1
GA 2.0.0 1.0.0
1.0.1
1.1.1
2.0.0
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Trusted Launch 281d9e47-d14d-4f05-b8eb-18f2c4a034ff [Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs Configure the Trusted Launch enabled virtual machines to automatically install the Guest Attestation extension and enable system-assigned managed identity to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. For more details, please refer to the following link - https://aka.ms/trustedlaunch 2021-10-29 Builtin Policies 7/7
Static Policies 0/7
Preview 3.0.0-preview 3.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:unknown
false BuiltIn
Trusted Launch Audit-TrustedLaunch Audit virtual machines for Trusted Launch support Trusted Launch improves security of a Virtual Machine which requires VM SKU, OS Disk & OS Image to support it (Gen 2). To learn more about Trusted Launch, visit https://aka.ms/trustedlaunch. n/a Builtin Policies 2/2
Static Policies 0/2
ALZ Policies 0/2
GA 1.1.0 n/a AzCloud:true
AzChinaCloud:true
AzUSGovernment:true
false ALZ
VirtualEnclaves d300338e-65d1-4be3-b18e-fb4ce5715a8f [Preview]: Control the use of AKS in a Virtual Enclave This initiative deploys Azure policies for AKS ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 8/8
Static Policies 0/8
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 528d78c5-246c-4f26-ade6-d30798705411 [Preview]: Control the use of App Service in a Virtual Enclave This initiative deploys Azure policies for App Service ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 44/44
Static Policies 0/44
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves b3fe25eb-cdc6-475f-96a5-04ac270f630d [Preview]: Control the use of Container Registry in a Virtual Enclave This initiative deploys Azure policies for Container Registry ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 8/8
Static Policies 0/8
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 6bd484ca-ae8d-46cf-9b33-e1feef84bfba [Preview]: Control the use of CosmosDB in a Virtual Enclave This initiative deploys Azure policies for CosmosDB ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 8/8
Static Policies 0/8
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 0a9ea1cb-7925-47fc-b0fe-8bb0a8190423 [Preview]: Control the use of diagnostic settings for specific resources in a Virtual Enclave This initiative deploys Azure policies to ensure configuration of specific resource types in Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-02-23 Builtin Policies 25/25
Static Policies 0/25
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 4f4dba0f-a5ee-494b-8df7-f9727dea6f37 [Preview]: Control the use of Key Vault in a Virtual Enclave This initiative deploys Azure policies for Key Vaults ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 2/2
Static Policies 0/2
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 0fbe78a5-1722-4f1b-83a5-89c14151fa60 [Preview]: Control the use of Microsoft SQL in a Virtual Enclave This initiative deploys Azure policies for Microsoft SQL ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 23/23
Static Policies 0/23
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 5eaa16b4-81f2-4354-aef3-2d77288e396e [Preview]: Control the use of PostgreSql in a Virtual Enclave This initiative deploys Azure policies for PostgreSql ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 10/10
Static Policies 0/10
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves 8fcdb3f1-1369-426d-9917-81edfee903ab [Preview]: Control the use of Service Bus in a Virtual Enclave This initiative deploys Azure policies for Service Bus ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-01-17 Builtin Policies 7/7
Static Policies 0/7
Preview 1.0.0-preview 1.0.0-preview AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.0.0-preview
parity:true
false BuiltIn
VirtualEnclaves ca122c06-05f6-4423-9018-ccb523168eb2 [Preview]: Control the use of Storage Accounts in a Virtual Enclave This initiative deploys Azure policies for Storage Accounts ensuring boundary protection of this resource while it operates within the logically separated structure of Azure Virtual Enclaves. https://aka.ms/VirtualEnclaves 2024-03-01 Builtin Policies 11/11
Static Policies 0/11
Preview 1.1.0-preview 1.0.0-preview
1.1.0-preview
AzCloud:true
AzChinaCloud:unknown
AzUSGovernment:true
1.1.0-preview
parity:true
false BuiltIn