last sync: 2020-Jul-13 14:14:31 UTC

All Azure Policy Initiatives

Category Id DisplayName Description Policies
Cosmos DB cb5e1e90-7c33-491c-a15b-24885c915752 Enable Azure Cosmos DB throughput policy Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider. Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 9d2fd8e6-95c8-410d-add0-43ada4241574 [Deprecated]: Audit Windows VMs on which Windows Defender Exploit Guard is not enabled This initiative deploys the policy requirements and audits Windows virtual machines on which Windows Defender Exploit Guard is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration c937dcb4-4398-4b39-8d63-4a6be432252e Audit Linux VMs that do not have the specified applications installed This initiative deploys the policy requirements and audits Linux virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration f48bcc78-5400-4fb0-b913-5140a2e5fa20 Audit Linux VMs that have the specified applications installed This initiative deploys the policy requirements and audits Linux virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6 Audit VMs with insecure password security settings This initiative deploys the policy requirements and audits virtual machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 18/18
Static Policies: 0/18
Guest Configuration acb6cd8e-45f5-466f-b3cb-ff6fce525f71 Audit Windows Server VMs on which Windows Serial Console is not enabled This initiative deploys the policy requirements and audits Windows Server virtual machines on which Windows Serial Console is not enabled. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration add1999e-a61c-46d3-b8c3-f35fb8398175 Audit Windows VMs in which the Administrators group contains any of the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group contains any of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 133046de-0bd7-4546-93f4-f452e9e258b7 Audit Windows VMs in which the Administrators group does not contain all of the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain all of the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 06122b01-688c-42a8-af2e-fa97dd39aa3b Audit Windows VMs in which the Administrators group does not contain only the specified members This initiative deploys the policy requirements and audits Windows virtual machines in which the Administrators group does not contain only the specified members. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration c58599d5-0d51-454f-aaf1-da18a5e76edd Audit Windows VMs on which the DSC configuration is not compliant This initiative deploys the policy requirements and audits Windows VMs on which the Desired State Configuration (DSC) configuration is not compliant. This policy is only applicable to machines with WMF 4 and above. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 06c5e415-a662-463a-bb85-ede14286b979 Audit Windows VMs on which the Log Analytics agent is not connected as expected This initiative deploys the policy requirements and audits Windows virtual machines on which the Log Analytics agent is not connected to the specified workspaces. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 4ddaefff-7c78-4824-9b27-5c344f3cdf90 Audit Windows VMs on which the remote host connection status does not match the specified one This initiative deploys the policy requirements and audits Windows virtual machines on which the remote host connection status does not match the specified one. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 8eeec860-e2fa-4f89-a669-84942c57225f Audit Windows VMs on which the specified services are not installed and 'Running' This initiative deploys the policy requirements and audits Windows virtual machines on which the specified services are not installed and 'Running'. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 6b3c1e80-8ae5-405b-b021-c23d13b3959f Audit Windows VMs that are not joined to the specified domain This initiative deploys the policy requirements and audits Windows virtual machines that are not joined to the specified domain. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 538942d3-3fae-4fb6-9d94-744f9a51e7da Audit Windows VMs that are not set to the specified time zone This initiative deploys the policy requirements and audits Windows virtual machines that are not set to the specified time zone. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration b6f5e05c-0aaa-4337-8dd4-357c399d12ae Audit Windows VMs that contain certificates expiring within the specified number of days This initiative deploys the policy requirements and audits Windows virtual machines that contain certificates expiring within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration cdfcc6ff-945e-4bc6-857e-056cbc511e0c Audit Windows VMs that do not contain the specified certificates in Trusted Root This initiative deploys the policy requirements and audits Windows VMs that do not contain the specified certificates in the Trusted Root Certification Authorities certificate store (Cert:\LocalMachine\Root). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 25ef9b72-4af2-4501-acd1-fc814e73dde1 Audit Windows VMs that do not have the specified applications installed This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration f000289c-47af-4043-87da-91ba9e1a2720 Audit Windows VMs that do not have the specified Windows PowerShell execution policy This initiative deploys the policy requirements and audits Windows virtual machines where Windows PowerShell is not configured to use the specified PowerShell execution policy. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration c980fd64-c67f-49a6-a8a8-e57661150802 Audit Windows VMs that do not have the specified Windows PowerShell modules installed This initiative deploys the policy requirements and audits Windows virtual machines that do not have the specified Windows PowerShell modules installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration d618d658-b2d0-410e-9e2e-bfbfd04d09fa Audit Windows VMs that do not match Azure security baseline settings This initiative deploys the policy requirements and audits Windows virtual machines with non-compliant Azure security baseline configurations. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 58/58
Static Policies: 0/58
Guest Configuration b8b5b0a8-b809-4e5d-8082-382c686e35b7 Audit Windows VMs that have not restarted within the specified number of days This initiative deploys the policy requirements and audits Windows virtual machines that have not restarted within the specified number of days. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration d7fff7ea-9d47-4952-b854-b7da261e48f2 Audit Windows VMs that have the specified applications installed This initiative deploys the policy requirements and audits Windows virtual machines that have the specified applications installed. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration c96b2a9c-6fab-4ac2-ae21-502143491cd4 Audit Windows VMs with a pending reboot This initiative deploys the policy requirements and audits Windows virtual machines with a pending reboot. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Guest Configuration 8bc55e6b-e9d5-4266-8dac-f688d151ec9c Audit Windows web servers that are not using secure communication protocols This initiative deploys the policy requirements and audits Windows web servers that are not using secure communication protocols (TLS 1.1 or TLS 1.2). For more information on Guest Configuration policies, please visit https://aka.ms/gcpol Builtin Policies: 2/2
Static Policies: 0/2
Kubernetes a8640138-9b0a-4a28-b8cb-1666c838647d [Preview]: Kubernetes cluster pod security baseline standards for Linux-based workloads This initiative includes the policies for the Kubernetes cluster pod security baseline standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. Builtin Policies: 5/5
Static Policies: 0/5
Kubernetes 42b8ef37-b724-4e24-bbc8-7a7708edfe00 [Preview]: Kubernetes cluster pod security restricted standards for Linux-based workloads This initiative includes the policies for the Kubernetes cluster pod security restricted standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. Builtin Policies: 7/7
Static Policies: 0/7
Monitoring 75714362-cae7-409e-9b99-a8e5075b7fad Enable Azure Monitor for Virtual Machine Scale Sets Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to the all VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. Builtin Policies: 6/6
Static Policies: 0/6
Monitoring 55f3eceb-5573-4f18-9695-226972c6d74a Enable Azure Monitor for VMs Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. Builtin Policies: 10/10
Static Policies: 0/10
Regulatory Compliance 8d792a84-723c-4d92-a3c3-e4ed16a2d133 [Deprecated]: DOD Impact Level 4 This initiative includes audit and virtual machine extension deployment policies that address a subset of DOD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-blueprint. Builtin Policies: 105/105
Static Policies: 0/105
Regulatory Compliance 27272c0b-c225-4cc3-b8b0-f2534b093077 [Preview]: Australian Government ISM PROTECTED This initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual(ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/AustralianGovernmentISM-blueprint. Builtin Policies: 63/63
Static Policies: 0/63
Regulatory Compliance 42a694ed-f65e-42b2-aa9e-8052e9740a92 [Preview]: Azure Security Benchmark This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm. Builtin Policies: 149/149
Static Policies: 0/149
Regulatory Compliance 92646f03-e39d-47a9-9e24-58d60ef49af8 [Preview]: Motion Picture Association of America (MPAA) This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-blueprint. Builtin Policies: 44/44
Static Policies: 0/44
Regulatory Compliance 03055927-78bd-4236-86c0-f36125a10dc9 [Preview]: NIST SP 800-171 R2 This initiative includes audit and virtual machine extension policies that address a subset of NIST SP 800-171 R2 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800171r2-blueprint. Builtin Policies: 88/88
Static Policies: 0/88
Regulatory Compliance 3e0c67fc-8c7c-406c-89bd-6b6bdc986a22 [Preview]: SWIFT CSP-CSCF v2020 This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift-blueprint. Builtin Policies: 70/70
Static Policies: 0/70
Regulatory Compliance 4c4a5f27-de81-430b-b4e5-9cbd50595a87 Canada Federal PBMM This initiative includes audit and virtual machine extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint. Builtin Policies: 66/66
Static Policies: 0/66
Regulatory Compliance 1a5bb27d-173f-493e-9568-eb56638dde4d CIS Microsoft Azure Foundations Benchmark 1.1.0 This initiative includes audit policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure-blueprint. Builtin Policies: 85/85
Static Policies: 0/85
Regulatory Compliance d5264498-16f4-418a-b659-fa7ef418175f FedRAMP High This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP H controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/fedramph-blueprint. Builtin Policies: 80/80
Static Policies: 0/80
Regulatory Compliance e95f5a9f-57ad-4d03-bb0b-b1d16db93693 FedRAMP Moderate This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP M controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/fedrampm-blueprint. Builtin Policies: 70/70
Static Policies: 0/70
Regulatory Compliance a169a624-5599-4385-a696-c8d643089fab HITRUST/HIPAA This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint. Builtin Policies: 136/136
Static Policies: 0/136
Regulatory Compliance 105e0327-6175-4eb2-9af4-1fba43bdb39d IRS1075 September 2016 This initiative includes audit and virtual machine extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-blueprint. Builtin Policies: 70/70
Static Policies: 0/70
Regulatory Compliance 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 ISO 27001:2013 This initiative includes audit and virtual machine extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-blueprint. Builtin Policies: 56/56
Static Policies: 0/56
Regulatory Compliance cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f NIST SP 800-53 R4 This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist80053-blueprint. Builtin Policies: 70/798
Static Policies: 728/798
Regulatory Compliance 496eeda9-8f2f-4d5e-8dfd-204f0a92ed41 PCI v3.2.1:2018 This initiative includes audit and virtual machine extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/pciv321-init. Builtin Policies: 37/37
Static Policies: 0/37
Regulatory Compliance 3937f550-eedd-4639-9c5e-294358be442e UK OFFICIAL and UK NHS This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint. Builtin Policies: 64/64
Static Policies: 0/64
Security Center 9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97 [Preview]: Enable Data Protection Suite Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier. Builtin Policies: 1/1
Static Policies: 0/1
Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Enable Monitoring in Azure Security Center Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center. Builtin Policies: 103/103
Static Policies: 0/103