last sync: 2022-May-24 16:30:27 UTC

All Azure Policy Initiatives

BuiltIn
9 categories
Enterprise-Scale
4 categories
Category Id DisplayName Description Policies State Type
Cosmos DB cb5e1e90-7c33-491c-a15b-24885c915752 Enable Azure Cosmos DB throughput policy Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider. Builtin Policies: 2/2
Static Policies: 0/2
GABuiltIn
Encryption Enforce-Encryption-CMK Deny or Audit resources without Encryption with a customer-managed key (CMK) Deny or Audit resources without Encryption with a customer-managed key (CMK) Builtin Policies: 15/15
Static Policies: 0/15
ESLZ Policies: 0/15
GAESLZ
Encryption Enforce-EncryptTransit Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing exsistense condition require then the combination of Audit. Builtin Policies: 4/22
Static Policies: 0/22
ESLZ Policies: 18/22
GAESLZ
Guest Configuration c937dcb4-4398-4b39-8d63-4a6be432252e [Deprecated]: Audit Linux VMs that do not have the specified applications installed This initiative deploys the policy requirements and audits Linux virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration f48bcc78-5400-4fb0-b913-5140a2e5fa20 [Deprecated]: Audit Linux VMs that have the specified applications installed This initiative deploys the policy requirements and audits Linux virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6 [Deprecated]: Audit VMs with insecure password security settings This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 18/18
Static Policies: 0/18
DeprecatedBuiltIn
Guest Configuration acb6cd8e-45f5-466f-b3cb-ff6fce525f71 [Deprecated]: Audit Windows Server VMs on which Windows Serial Console is not enabled This initiative deploys the policy requirements and audits Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration add1999e-a61c-46d3-b8c3-f35fb8398175 [Deprecated]: Audit Windows VMs in which the Administrators group contains any of the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 133046de-0bd7-4546-93f4-f452e9e258b7 [Deprecated]: Audit Windows VMs in which the Administrators group does not contain all of the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 06122b01-688c-42a8-af2e-fa97dd39aa3b [Deprecated]: Audit Windows VMs in which the Administrators group does not contain only the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration c58599d5-0d51-454f-aaf1-da18a5e76edd [Deprecated]: Audit Windows VMs on which the DSC configuration is not compliant This initiative deploys the policy requirements and audits Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 06c5e415-a662-463a-bb85-ede14286b979 [Deprecated]: Audit Windows VMs on which the Log Analytics agent is not connected as expected This initiative deploys the policy requirements and audits Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 4ddaefff-7c78-4824-9b27-5c344f3cdf90 [Deprecated]: Audit Windows VMs on which the remote host connection status does not match the specified one This initiative deploys the policy requirements and audits Windows virtual machines on which the remote host connection status does not match the specified one. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 8eeec860-e2fa-4f89-a669-84942c57225f [Deprecated]: Audit Windows VMs on which the specified services are not installed and 'Running' This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 9d2fd8e6-95c8-410d-add0-43ada4241574 [Deprecated]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled This initiative deploys the policy requirements and audits Windows virtual machines on which Windows Defender Exploit Guard is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 6b3c1e80-8ae5-405b-b021-c23d13b3959f [Deprecated]: Audit Windows VMs that are not joined to the specified domain This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 538942d3-3fae-4fb6-9d94-744f9a51e7da [Deprecated]: Audit Windows VMs that are not set to the specified time zone This initiative deploys the policy requirements and audits Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration b6f5e05c-0aaa-4337-8dd4-357c399d12ae [Deprecated]: Audit Windows VMs that contain certificates expiring within the specified number of days This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration cdfcc6ff-945e-4bc6-857e-056cbc511e0c [Deprecated]: Audit Windows VMs that do not contain the specified certificates in Trusted Root This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\LocalMachine\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 25ef9b72-4af2-4501-acd1-fc814e73dde1 [Deprecated]: Audit Windows VMs that do not have the specified applications installed This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration f000289c-47af-4043-87da-91ba9e1a2720 [Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell execution policy This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration c980fd64-c67f-49a6-a8a8-e57661150802 [Deprecated]: Audit Windows VMs that do not have the specified Windows PowerShell modules installed This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified Windows PowerShell modules installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration d618d658-b2d0-410e-9e2e-bfbfd04d09fa [Deprecated]: Audit Windows VMs that do not match Azure compute security baseline settings This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure compute security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 58/58
Static Policies: 0/58
DeprecatedBuiltIn
Guest Configuration b8b5b0a8-b809-4e5d-8082-382c686e35b7 [Deprecated]: Audit Windows VMs that have not restarted within the specified number of days This initiative deploys the policy requirements and audits Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration d7fff7ea-9d47-4952-b854-b7da261e48f2 [Deprecated]: Audit Windows VMs that have the specified applications installed This initiative deploys the policy requirements and audits Windows virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration c96b2a9c-6fab-4ac2-ae21-502143491cd4 [Deprecated]: Audit Windows VMs with a pending reboot This initiative deploys the policy requirements and audits Windows virtual machines with a pending reboot. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration 8bc55e6b-e9d5-4266-8dac-f688d151ec9c [Deprecated]: Audit Windows web servers that are not using secure communication protocols This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
DeprecatedBuiltIn
Guest Configuration be7a78aa-3e10-4153-a5fd-8c6506dbc821 [Preview]: Windows machines should meet requirements for the Azure compute security baseline This initiative audits Windows machines with settings that do not meet the Azure compute security baseline. For details, please visit https://aka.ms/gcpol Builtin Policies: 29/29
Static Policies: 0/29
PreviewBuiltIn
Guest Configuration 095e4ed9-c835-4ab6-9439-b5644362a06c Audit machines with insecure password security settings This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 9/9
Static Policies: 0/9
GABuiltIn
Guest Configuration 12794019-7a00-42cf-95c2-882eed337cc8 Deploy prerequisites to enable Guest Configuration policies on virtual machines This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be monitored by Guest Configuration policies. This is a prerequisite for all Guest Configuration policies and must be assigned to the policy assignment scope before using any Guest Configuration policy. For more information on Guest Configuration, visit https://aka.ms/gcpol. Builtin Policies: 4/4
Static Policies: 0/4
GABuiltIn
Kubernetes a8640138-9b0a-4a28-b8cb-1666c838647d Kubernetes cluster pod security baseline standards for Linux-based workloads This initiative includes the policies for the Kubernetes cluster pod security baseline standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. Builtin Policies: 5/5
Static Policies: 0/5
GABuiltIn
Kubernetes 42b8ef37-b724-4e24-bbc8-7a7708edfe00 Kubernetes cluster pod security restricted standards for Linux-based workloads This initiative includes the policies for the Kubernetes cluster pod security restricted standards. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. Builtin Policies: 8/8
Static Policies: 0/8
GABuiltIn
Monitoring 39a366e6-fdde-4f41-bbf8-3757f46d1611 [Preview]: Configure Azure Defender for SQL agents on virtual machines Configure virtual machines to automatically install the Azure Defender for SQL agents where the Azure Monitor Agent is installed. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Creates a resource group and Log Analytics workspace in the same region as the machine. This policy only applies to VMs in a few regions. Builtin Policies: 1/1
Static Policies: 0/1
PreviewBuiltIn
Monitoring a15f3269-2e10-458c-87a4-d5989e678a73 [Preview]: Configure machines to automatically install the Azure Monitor and Azure Security agents on virtual machines Configure machines to automatically install the Azure Monitor and Azure Security agents. Security Center collects events from the agents and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and Log Analytics workspace in the same region as the machine to store audit records. This policy only applies to VMs in a few regions. Builtin Policies: 7/7
Static Policies: 0/7
PreviewBuiltIn
Monitoring 118f04da-0375-44d1-84e3-0fd9e1849403 Configure Linux machines to run Azure Monitor Agent and associate them to a Data Collection Rule Monitor and secure your Linux virtual machines, virtual machine scale sets, and Arc machines by deploying the Azure Monitor Agent extension and associating the machines with a specified Data Collection Rule. Deployment will occur on machines with supported OS images (or machines matching the provided list of images) in supported regions. Builtin Policies: 4/4
Static Policies: 0/4
GABuiltIn
Monitoring 9575b8b7-78ab-4281-b53b-d3c1ace2260b Configure Windows machines to run Azure Monitor Agent and associate them to a Data Collection Rule Monitor and secure your Windows virtual machines, virtual machine scale sets, and Arc machines by deploying the Azure Monitor Agent extension and associating the machines with a specified Data Collection Rule. Deployment will occur on machines with supported OS images (or machines matching the provided list of images) in supported regions. Builtin Policies: 4/4
Static Policies: 0/4
GABuiltIn
Monitoring Deploy-Diagnostics-LogAnalytics Deploy Diagnostic Settings to Azure Services This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included Builtin Policies: 13/62
Static Policies: 0/62
ESLZ Policies: 49/62
GAESLZ
Monitoring 75714362-cae7-409e-9b99-a8e5075b7fad Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. Builtin Policies: 6/6
Static Policies: 0/6
GABuiltIn
Monitoring 55f3eceb-5573-4f18-9695-226972c6d74a Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Builtin Policies: 10/10
Static Policies: 0/10
GABuiltIn
Network 62329546-775b-4a3d-a4cb-eb4bb990d2c0 Flow logs should be configured and enabled for every network security group Audit for network security groups to verify if flow logs are configured and if flow log status is enabled. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more. Builtin Policies: 2/2
Static Policies: 0/2
GABuiltIn
Regulatory Compliance 42a694ed-f65e-42b2-aa9e-8052e9740a92 [Deprecated]: Azure Security Benchmark v1 This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center. Builtin Policies: 132/132
Static Policies: 0/132
DeprecatedBuiltIn
Regulatory Compliance bb522ac1-bc39-4957-b194-429bcd3bcb0b [Deprecated]: Azure Security Benchmark v2 This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center Builtin Policies: 174/174
Static Policies: 0/174
DeprecatedBuiltIn
Regulatory Compliance 8d792a84-723c-4d92-a3c3-e4ed16a2d133 [Deprecated]: DoD Impact Level 4 This initiative includes policies that address a subset of DoD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-initiative. Builtin Policies: 91/91
Static Policies: 0/91
DeprecatedBuiltIn
Regulatory Compliance 27272c0b-c225-4cc3-b8b0-f2534b093077 [Preview]: Australian Government ISM PROTECTED This initiative includes policies that address a subset of Australian Government Information Security Manual (ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/auism-initiative. Builtin Policies: 58/58
Static Policies: 0/58
PreviewBuiltIn
Regulatory Compliance 92646f03-e39d-47a9-9e24-58d60ef49af8 [Preview]: Motion Picture Association of America (MPAA) This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-init. Builtin Policies: 36/36
Static Policies: 0/36
PreviewBuiltIn
Regulatory Compliance 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 [Preview]: RMIT Malaysia This initiative includes policies that address a subset of RMIT requirements. Additional policies will be added in upcoming releases. For more information, visit aka.ms/rmit-initiative. Builtin Policies: 228/228
Static Policies: 0/228
PreviewBuiltIn
Regulatory Compliance abf84fac-f817-a70c-14b5-47eec767458a [Preview]: SWIFT CSCF v2021 This initiative includes policies that address a subset of SWIFT Customer Security Controls Framework v2021 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2021-init. Builtin Policies: 145/145
Static Policies: 0/145
PreviewBuiltIn
Regulatory Compliance 3e0c67fc-8c7c-406c-89bd-6b6bdc986a22 [Preview]: SWIFT CSP-CSCF v2020 This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2020-init. Builtin Policies: 61/61
Static Policies: 0/61
PreviewBuiltIn
Regulatory Compliance 4c4a5f27-de81-430b-b4e5-9cbd50595a87 Canada Federal PBMM This initiative includes policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/canadafederalpbmm-init. Builtin Policies: 59/59
Static Policies: 0/59
GABuiltIn
Regulatory Compliance 1a5bb27d-173f-493e-9568-eb56638dde4d CIS Microsoft Azure Foundations Benchmark v1.1.0 This initiative includes policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure110-initiative. Builtin Policies: 87/87
Static Policies: 0/87
GABuiltIn
Regulatory Compliance 612b5213-9160-4969-8578-1518bd2a000c CIS Microsoft Azure Foundations Benchmark v1.3.0 This initiative includes policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure130-initiative. Builtin Policies: 92/92
Static Policies: 0/92
GABuiltIn
Regulatory Compliance b5629c75-5c77-4422-87b9-2509e680f8de CMMC Level 3 This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative. Builtin Policies: 174/174
Static Policies: 0/174
GABuiltIn
Regulatory Compliance d5264498-16f4-418a-b659-fa7ef418175f FedRAMP High This initiative includes policies that address a subset of FedRAMP High controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/fedramph-initiative. Builtin Policies: 257/257
Static Policies: 0/257
GABuiltIn
Regulatory Compliance e95f5a9f-57ad-4d03-bb0b-b1d16db93693 FedRAMP Moderate This initiative includes policies that address a subset of FedRAMP Moderate controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/fedrampm-initiative. Builtin Policies: 257/257
Static Policies: 0/257
GABuiltIn
Regulatory Compliance a169a624-5599-4385-a696-c8d643089fab HITRUST/HIPAA This initiative includes policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-init. Builtin Policies: 119/119
Static Policies: 0/119
GABuiltIn
Regulatory Compliance 105e0327-6175-4eb2-9af4-1fba43bdb39d IRS1075 September 2016 This initiative includes policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-init. Builtin Policies: 62/62
Static Policies: 0/62
GABuiltIn
Regulatory Compliance 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 ISO 27001:2013 This initiative includes policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init. Builtin Policies: 51/51
Static Policies: 0/51
GABuiltIn
Regulatory Compliance d1a462af-7e6d-4901-98ac-61570b4ed22a New Zealand ISM Restricted This initiative includes policies that address a subset of New Zealand Information Security Manual controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative. Builtin Policies: 144/144
Static Policies: 0/144
GABuiltIn
Regulatory Compliance 03055927-78bd-4236-86c0-f36125a10dc9 NIST SP 800-171 Rev. 2 This initiative includes policies that address a subset of NIST SP 800-171 Rev. 2 requirements. Policies may be added or removed in future releases. For more information, visit https://aka.ms/nist800171r2-initiative. Builtin Policies: 259/259
Static Policies: 0/259
GABuiltIn
Regulatory Compliance cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f NIST SP 800-53 Rev. 4 This initiative includes policies that address a subset of NIST SP 800-53 Rev. 4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative. Builtin Policies: 258/986
Static Policies: 728/986
GABuiltIn
Regulatory Compliance 179d1daa-458f-4e47-8086-2a68d0d6c38f NIST SP 800-53 Rev. 5 This initiative includes policies that address a subset of NIST SP 800-53 Rev. 5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative. Builtin Policies: 258/967
Static Policies: 709/967
GABuiltIn
Regulatory Compliance 496eeda9-8f2f-4d5e-8dfd-204f0a92ed41 PCI v3.2.1:2018 This initiative includes policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/pciv321-init. Builtin Policies: 37/37
Static Policies: 0/37
GABuiltIn
Regulatory Compliance 3937f550-eedd-4639-9c5e-294358be442e UK OFFICIAL and UK NHS This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-init and https://aka.ms/uknhs-init. Builtin Policies: 59/59
Static Policies: 0/59
GABuiltIn
SDN f1535064-3294-48fa-94e2-6e83095a5c08 Audit Public Network Access Initiative Audit Azure resources that allow access from the public internet Builtin Policies: 13/13
Static Policies: 0/13
GABuiltIn
Security Center e20d08c5-6d64-656d-6465-ce9e37fd0ebc [Preview]: Deploy Microsoft Defender for Endpoint agent Deploy Microsoft Defender for Endpoint agent on applicable images. Builtin Policies: 4/4
Static Policies: 0/4
PreviewBuiltIn
Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Azure Security Benchmark The Azure Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Azure Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. Builtin Policies: 205/205
Static Policies: 0/205
GABuiltIn
Security Center e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e Configure Advanced Threat Protection to be enabled on open-source relational databases Enable Advanced Threat Protection on your non-Basic tier open-source relational databases to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. See https://aka.ms/AzDforOpenSourceDBsDocu. Builtin Policies: 3/3
Static Policies: 0/3
GABuiltIn
Security Center 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Builtin Policies: 2/2
Static Policies: 0/2
GABuiltIn
Security Center Deploy-MDFC-Config Deploy Microsoft Defender for Cloud configuration Deploy Microsoft Defender for Cloud configuration Builtin Policies: 11/12
Static Policies: 0/12
ESLZ Policies: 1/12
GAESLZ
SQL Deploy-Sql-Security Deploy SQL Database built-in SQL security configuration Deploy auditing, Alert, TDE and SQL vulnerability to SQL Databases when it not exist in the deployment Builtin Policies: 0/4
Static Policies: 0/4
ESLZ Policies: 4/4
GAESLZ
Trusted Launch 281d9e47-d14d-4f05-b8eb-18f2c4a034ff [Preview]: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs Configure the Trusted Launch enabled virtual machines to automatically install the Guest Attestation extension and enable system-assigned managed identity to allow Azure Security Center to proactively attest and monitor the boot integrity. Boot integrity is attested via Remote Attestation. For more details, please refer to the following link - https://aka.ms/trustedlaunch Builtin Policies: 7/7
Static Policies: 0/7
PreviewBuiltIn